Attacks against a core internet firm play havoc with some of the world's most popular websites.
Laura HautalaFormer Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
ExpertiseE-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking.Credentials
2022 Eddie Award for a single article in consumer technology
The outages eased after two hours but returned with a vengeance at midday, affecting areas across the US and parts of Europe.
"The earlier issues have resurfaced & some people may still be having trouble accessing Twitter," the company tweeted. "We're working on it!" Meanwhile, the US Department of Homeland Security said it was "investigating all potential causes."
It wasn't until late in the day that Dyn said the issue had been resolved.
Hackers had used what's known as a distributed denial of service attack (DDoS) -- conscripting hordes of internet-connected devices like computers, routers and security cameras into a botnet -- to cripple Dyn's servers.
Based in New Hampshire, Dyn is both a DNS service provider -- translating URLs into IP addresses -- and an internet management company, helping website customers get the best-possible online performance. It also filters out bad traffic headed to the websites, and that's where things fell apart Friday. By overwhelming Dyn, the attackers were able to overwhelm many of its customers.
Last month, noted security expert Bruce Schneier said core internet companies were seeing people probing their networks to learn how well they could respond to DDoS attacks. The title of his blog post: "Someone is learning how to take down the internet."
Cybersecurity company Flashpoint said Friday the botnet attacking Dyn was built with the same malicious software that launched the attack against Krebs and French website OVH -- the two most powerful DDoS attacks on record. Called Mirai, the malware works by "enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks," Flashpoint researchers said in a statement.
Until now, successful attacks on sites as large and popular as Twitter, Reddit and Netflix have been rare.
"Given the drastic increase lately in the size and scope of DDoS attacks, DNS providers [like Dyn] are scrambling to increase bandwidth capacity to withstand the latest attacks," said Jeremiah Grossman, chief of security for cybersecurity company SentinelOne. "They are attractive targets for large-scale DDoS attacks."
Having just about everything connected to the internet doesn't help. Before, the bad guys had to rope in thousands of computers to launch their attacks. Now they have potentially millions of smart TVs, refrigerators, home routers, security cameras -- even baby monitors -- at their disposal.
Given how easy these devices tend to be for hackers to compromise, researchers like Shankar Somasundaram of Symantec think DDoS attacks will just get worse.
"There will be more of these attacks," he said.
First published October 21 at 6:52 a.m. PT. Most recently updated on October 22 at 8:58 a.m.: After updates throughout the day Friday, which included the addition of comments from Twitter and others, as well as various background information, this story was recast Saturday to reflect that the outage had been brought under control.