On Friday, millions of consumers found they couldn't reach Netflix, Amazon, Twitter, and a handful of other major web destinations.
The reason, we are told, is that hackers unleashed a massive denial-of-service (DoS) attack against these sites that overwhelmed their common DNS provider, Dyn. We now know how they did it, and it should serve as a warning of more cyber chaos to come.
According to a statement from Dyn, released over the weekend, the sites were simultaneously hit with requests for access by tens of millions of IP addresses. But how could hackers in some remote location do that?
Simple: they infected tens of millions of electronic devices – things like printers, thermostats, and other ordinary devices that now connect to the internet – the so-called Internet of Things (IoT). Each of these devices has its own IP address, just like a computer.
A simple botnet coordinated the attack
Dyn says its preliminary investigation has shown that many of the devices had been infected with Mirai, malware that enlists compromised devices into a botnet.
“We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” Dyn said in its statement.
As for the timeline, Dyn said the first attack was launched around 7:00 a.m. ET. Dyn’s Network Operations Center (NOC) was able to overcome the attack after about two hours and restore service. The first attack impacted mostly the East Coast.
A second attack occurred around noon ET and affected the entire country. This time it took about an hour to restore service.
Third attack failed
Dyn says there was a third attack, but because its personnel were ready for it, they were able to mitigate it without a disruption of service.
So what's the big takeaway from Friday's confusion? As Fortune observes, the devices that allowed the attack to happen are still out there, still connected to the internet, and as far as anyone knows, not repaired or patched. There's nothing to say hackers couldn't do it again if they wanted to.
Fortune quotes security researcher Brian Krebs as saying the companies that make IoT devices are mostly to blame for the vulnerability, charging that printers, cameras, and routers are not protected by adequate security.