HACKERS STRIKE BACK
Criminals this morning massively attacked Dyn, a company that provides core Internet services for Twitter, SoundCloud, Spotify, Reddit and a host of other sites, causing outages and slowness for many of Dyn’s customers.
In a statement Dyn said last morning that Dyn received a global distributed denial of service (DDoS) attack on its DNS infrastructure on the east coast starting at around 7:10 a.m. ET (11:10 UTC).
“DNS traffic resolved from east coast name server locations are experiencing a service interruption during this time. Updates will be posted as information becomes available” the company wrote.
DYN encouraged customers with concerns to check the company’s status page for updates and to reach out to its technical support team.
A DDoS is when crooks use a large number of hacked or ill-configured systems to flood a target site with so much junk traffic that it can no longer serve legitimate visitors.
DNS refers to Domain Name System services. DNS is an essential component of all Web sites, responsible for translating human friendly Web site names like “abc.com” into numeric, machine readable Internet addresses. Anytime you send an e-mail or browse a Web site, your machine is sending a DNS lookup request to your Internet service provider to help route the traffic.
In a statement Dyn said last morning that Dyn received a global distributed denial of service (DDoS) attack on its DNS infrastructure on the east coast starting at around 7:10 a.m. ET (11:10 UTC).
“DNS traffic resolved from east coast name server locations are experiencing a service interruption during this time. Updates will be posted as information becomes available” the company wrote.
DYN encouraged customers with concerns to check the company’s status page for updates and to reach out to its technical support team.
A DDoS is when crooks use a large number of hacked or ill-configured systems to flood a target site with so much junk traffic that it can no longer serve legitimate visitors.
DNS refers to Domain Name System services. DNS is an essential component of all Web sites, responsible for translating human friendly Web site names like “abc.com” into numeric, machine readable Internet addresses. Anytime you send an e-mail or browse a Web site, your machine is sending a DNS lookup request to your Internet service provider to help route the traffic.
According to Andrew Sullivan, Dyn fellow and chair of the Internet Architecture Board on the Internet Outage announcement mailing list, the attack is being made against "the Dyn managed DNS infrastructure,
which is the anycast deployment." This is the service that major
companies use to make sure their DNS services work smoothly. Without
these services - think of them as the Internet's master phonebook -
you can't easily find websites.
The size of the DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so called Internet of Things devices - poorly secured Internet based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks. The 620 Gbps attack that hit my site last month was launched by a botnet built on Mirai, for example.
Let me be clear - I have no data to indicate that the attack on Dyn is related to extortion, to Mirai or to any of the companies or individuals Madory referenced in his talk this week in Dallas. But Dyn is known for publishing detailed writeups on outages at other major Internet service providers. Here’s hoping the company does not deviate from that practice and soon publishes a postmortem on its own attack.
Update 3:50 P.M. ET: Security firm Flashpoint is now reporting that they have seen indications that a Mirai based botnet is indeed involved in the attack on Dyn today. Separately, I have heard from a trusted source who’s been tracking this activity and saw chatter in the cybercrime underground yesterday discussing a plan to attack Dyn.
Update 10:22 A.M. ET: Dyn’s status page reports that all services are back to normal as of 13:20 UTC (9:20 a.m. ET). Fixed the link to Doug Madory’s talk on Youtube, to remove the URL shortener (which isn’t working because of this attack).
Update 1:01 P.M. ET: Looks like the attacks on Dyn have resumed and this event is ongoing. This, from the Dyn status page-
- This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring. Our Engineers are continuing to work on mitigating this issue.
- Oct 21, 16:48 UTC As of 15:52 UTC, we have begun monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Our Engineers are continuing to work on mitigating this issue.
No comments:
Post a Comment