How an attack on a company you've never heard of crushed the internet

Karissa Bell
Updated
Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f256322%2fap_98883631310
Https%3a%2f%2fblueprint-api-production.s3.amazonaws.com%2fuploads%2fcard%2fimage%2f256322%2fap_98883631310

Much of the Internet was brought to a screeching halt Friday as a cyberattack on a company many had previously never heard of brought down many of the most popular online services, including Twitter and Spotify.

As of Friday afternoon, much of the drama was still playing out, though more details are slowly emerging. While the full story won't be clear for some time, if ever, we are now beginning to understand how this happened. 

What is DYN and DNS?

This particular attack targeted Dyn, a New Hampshire-based internet company that provides a service called domain name systems to some of the most-trafficked sites on the internet.

SEE ALSO: How your smart device caused the internet to crash and burn

Domain name systems, or DNS, is a key part of the underlying infrastructure of the internet. Sometimes described as the "phonebook" or "GPS" of the internet, DNS enables browsers to connect with websites. 

When you enter a URL, like twitter.com, into your browser, you understand that you are trying to access Twitter, but your computer can only point you to the correct website when the URL is translated into a specific numerical code called an IP address. DNS is the technology that translates URLs into IP addresses. 

A particular service, like Twitter, usually isn't hosted in a single place. Much of its data is duplicated and stored on servers in several regions so, say, users in New York can access the site as quickly as those in Hong Kong. Thanks to DNS and DNS service companies, your browser knows which data is the best to access, and they also keep the data current.

By targeting Dyn, this attack disrupted that process so that your browser can't figure out where it needs to go when you enter the URL. This also makes it particularly challenging for affected sites since over the last few years they've handed DNS services almost completely over to third parties (in this case, Dyn). 

Intel Security's Chief Technology Officer Steve Grobman compares it to losing GPS when you don't know where you're going. "If you think about going to the store but the GPS system was compromised and you had no way to navigate there, it doesn't really matter that — in theory — the store is open somewhere," he explains

So how did this attack happen?

In this case, the attackers used a technique called distributed denial of service (DDoS) in order to bring down Dyn, which in turn made Twitter and many other sites inaccessible. DDoS attacks, which are surprisingly simple and increasingly common, use huge networks of malicious software called botnets to bring down a specific service by overwhelming it. Think of how websites sometimes go down due to huge, often unexpected, volumes of traffic; DDoS attacks are designed to intentionally bring services down the same way. 

Dyn has yet to elaborate on the source of the attacks, but security analysts at Flashpoint say they have linked the attack to previous ones that have used networks of connected devices, like "smart" refrigerators and other gadgets, to bring down websites. As Mashable previously noted, the so-called "Internet of Things," is an easy target for hackers to turn into botnets as many devices have lax security. 

What happens next?

It could be some time before we find out the source of the attack and just how widespread its effects are. But one thing is clear, it sets a troubling precedent for how back-end providers like Dyn can be exploited. By targeting the companies that power the typically invisible processes that make up the backbone of the internet, hackers can bring down all kinds of services without ever touching those sites themselves.

Still, Intel's Grobman says the outlook isn't entirely negative, noting that with each attack, the security community is learning.

"In some ways, this event is positive in educating people that it's possible for critical capabilities that we rely on for information exchange — entertainment, access to media — can become unavailable due to a cyberattack, and that cyberattack might not have to be directed toward the entity itself. 

"There'a lot we can learn. Really recognizing that anything in the critical path that can be attacked are things we need to look at as part of building a comprehensive defense."

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories