We’re no strangers to Armageddon-scenario movies, but today a real disaster hit the internet. Using brute-force tactics that flood key elements of the internet’s structure, cybercriminals managed to shut down a variety of popular websites. The resulting chaos essentially cut off the entire East Coast of the U.S. from a section of the web, before spreading to other parts of the country and overseas. Big names such as Twitter, Spotify, Netflix, and more count among those affected. The natural question is “How did this happen?” It happened due to a Distributed Denial of Service attack, or DDoS for short.
While powerful tools may seem miles ahead of the average cyber crook’s ventures, DDoS attacks aren’t incredibly complicated. Plainly speaking, these tools are available to any cybercriminal wanting to get their hands on them.
So let’s cover the term “DDoS.” A Distributed Denial of Service attack is when perpetrators flood a website with so much traffic that it shuts the site down. Essentially, think of a traffic jam so bad that nobody can get onto the freeway. Such attacks require a huge number of devices to succeed: we’re not talking about dozens, we’re talking about up to a million. To really understand the scale of these attacks, watch these videos.
Now, how do criminals get a hold of so many devices? By slipping malicious code onto devices that aren’t secured, or that are using factory-set default passwords, cybercriminals can create an army of hijacked devices from across the globe. This is known as a botnet. And with all of today’s connected devices, crooks are finding it easier to increase their botnets’ ranks. Even the modern kitchen toaster can be vulnerable.
Now, we’re still waiting for details from this incident. We’re still unsure which devices or criminals were involved. But one crucial fact is worthy of note: this attack didn’t hit websites one by one. To create widespread damage, perpetrators targeted something that every website relies on: a Domain Name System (DNS) service.
Whether you’re aware or not, the DNS is used every time a browser fires up. Think of it as the address book for the internet. Computers don’t speak the same language as humans. So when you type in “www.netflix.com,” a DNS provider has to first translate those letters into numbers which computers understand. When you want to see a website, this is how your browser finds the right servers to connect to.
Now we’re ready to tackle the original question: how did an attack of such scale happen? Ultimately, cybercriminals targeted a large DNS provider. Specifically, the victim was Dyn. They support many of your favorite websites. Think of Twitter, Spotify, Netflix, PayPal, and Reddit. By launching a DDoS attack on the DNS provider, crooks blocked people’s browsers from accessing the servers of many popular websites — the very infrastructure of the internet itself was attacked.
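To make the "attack on one, outage for many" point concrete, here is an added example (not part of the original post) that checks which sites would stop resolving if a single DNS provider went offline. The domain names, provider names and the rule for deriving a provider from a name server hostname are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: domain -> authoritative name servers, in the form
# an NS lookup would return them. Every name here is made up.
SAMPLE_NS = {
    "shop.example":  ["ns1.provider-a.example", "ns2.provider-a.example"],
    "video.example": ["ns1.provider-a.example", "ns3.provider-a.example"],
    "news.example":  ["ns1.provider-a.example", "ns1.provider-b.example"],
    "bank.example":  ["ns1.provider-b.example", "ns2.provider-c.example"],
}


def provider_of(ns_host):
    """Assumption: the provider is the last two labels of the NS hostname."""
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers_by_domain(ns_records):
    """Map each domain to the set of DNS providers serving it."""
    return {d: {provider_of(h) for h in hosts} for d, hosts in ns_records.items()}


def single_provider_domains(ns_records):
    """Domains whose every name server belongs to one provider."""
    return sorted(d for d, p in providers_by_domain(ns_records).items()
                  if len(p) == 1)


def unreachable_if_down(ns_records, provider):
    """Domains left with no working name server if `provider` is offline."""
    return sorted(d for d, p in providers_by_domain(ns_records).items()
                  if p == {provider})


def blast_radius(ns_records):
    """provider -> domains that stop resolving if that provider alone fails."""
    out = defaultdict(list)
    for domain, provs in sorted(providers_by_domain(ns_records).items()):
        if len(provs) == 1:
            out[next(iter(provs))].append(domain)
    return dict(out)


if __name__ == "__main__":
    for provider, domains in blast_radius(SAMPLE_NS).items():
        print(f"{provider} down -> unresolvable: {', '.join(domains)}")
```

Domains that list name servers from a second provider stay resolvable in this model, which is why spreading DNS across providers limits the damage. Answers already cached by resolvers keep working until their TTL expires, so a real outage spreads gradually.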
Today’s news comes as a great shock. The truth is, we haven’t seen anything at quite this scale before. Think about it: an entire region of the United States was blocked from accessing parts of the internet. So if a cybersecurity wake-up call was needed, this is it. In my colleague Steve Grobman’s words, “this is a reminder of how effective an attack on one can be an effective attack on many.”