How Friday's cyberattack shut down Netflix, Twitter, and Spotify

Behind the attack was the Mirai botnet, which bombarded Dyn DNS company's servers with millions of requests, preventing access to many major sites.

Jim Cole/AP
This photo shows Dyn, a New Hampshire internet service company, in the old mill section of the city, Friday Oct. 21, 2016 in Manchester, N.H. Cyberattacks on a key internet firm repeatedly disrupted the availability of popular websites across the United States Friday, according to analysts and company officials. The White House described the disruption as malicious.

On Friday morning, internet users all over the United States attempted to log in to Twitter and Netflix, only to find that a massive cyberattack rendered them unable to connect to some of the world's most popular websites. Despite fixing the issue, the sites went down again later in the day, victim to another attack. After a third hit, the problem was finally brought under control.

While the identity of the attackers is still unknown, experts have figured out how they attack was carried out. Taking advantage of a botnet of internet-enabled devices, possibly with publicly available source code, hackers were able to clog up traffic to major websites, effectively shutting out human users with an army of automated bots. The scale and success of the attack is causing many companies and organizations to reevaluate their approach to protect websites and consumers from this kind of vulnerability in the future.

The sites that went down, which included CNN and The New York Times, were all customers of Dyn DNS Company, a company that specializes in online infrastructure. One of the company's main functions is to translate human-readable inputs into IP addresses, which can then be used to route online traffic in an efficient manner. But this function was disrupted on Friday when hackers launched a distributed denial of service (DDoS) attack on DNS servers. As The Christian Science Monitor's Story Hinckley explained:

If it weren’t for DNS, internet users would have to know the IP address for a site (such as instead of the simple domain name (such as 

And a DDoS attack effectively breaks down a server’s searching capabilities by overloading a system with server requests. 

In order to overload these servers, hackers turned to a malware program known as Mirai. The program takes over network-enabled items such as CCTV cameras, DVRs, and even innocuous household items, networking them together into a botnet to launch a barrage of requests at a target. While computers and phones have more sophisticated security equipment to resist this sort of takeover, many Internet of Things (IoT) devices do not have these protections, and can be easily taken over by hackers.

"IoT security has been horribly flawed ever since it first became a thing, largely because of the pace that new products have to go to market, and the fact that designing security is seen by vendors as 'slowing things down,'" Casey Ellis, CEO of Bugcrowd, a San Francisco-based computer security service, told the Lansing State Journal.

With anything from TVs to refrigerators to toasters being created with the capability to connect to a network, these low-security IP addresses have become a tempting target for cybercriminals. Any device with an internet connection has an IP address that can be used by Mirai. 

"It is just a matter of time until attackers find a way to profit from attacking IoT devices," warned a 2015 report from Symantec, a technology company specializing in security. "This may lead to connected toasters that mine cryptocurrencies or smart TVs that are held ransom by malware. Unfortunately, the current state of IoT security does not make it difficult for attackers to compromise these devices once they see the benefit of doing so."

If an attack like this through IoT devices was inevitable, it was made imminent when a hacker known as Anna_Senpai released Mirai's source code to the public earlier this month, according to Fast Company. Anna_Senpai, the likely creator of the program, likely released the code in order to avoid being the only one found with the code if law enforcement comes calling. This is a common tactic for hackers who suspect they might be close to being found out, according to Krebs on Security. In this case, it also makes it difficult to determine whether the Friday attack was orchestrated by the person or persons behind Anna_Senpai, or by others who were able to copy the Mirai source code.

The attack comes amid the President Obama's accusations that Russian hacking has taken place in an attempt to influence the outcome of the upcoming  US presidential election. With increasingly sophisticated and consequential cyberattacks on the rise in an online world, commitment to cybersecurity is swiftly moving to the forefront of both federal and private concerns.

"We're proud of the way the Dyn team and the internet community of which we're a part came together to meet yesterday's challenge," reads a Saturday statement from the company on Saturday. "Dyn is collaborating with the law enforcement community, other service providers, and members of the internet community who have helped and offered to help. The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to How Friday's cyberattack shut down Netflix, Twitter, and Spotify
Read this article in
QR Code to Subscription page
Start your subscription today