Modern field guide to security and privacy

Here's what crippled the internet

An unprecedented and alarming attack on the internet's core infrastructure shutdown much of the web Friday in another sign of the growing sophistication of malicious cyberattacks.  

Richard Drew/AP/File

Twitter wasn't working and neither was Netflix. Spotify was down, too. And anyone visiting Amazon, PayPal, or Reddit probably encountered trouble on the web.

For much of the day Friday, the internet's core infrastructure was under a massive attack, shutting off access to many sites and slowing down the internet for much of the East Coast.

The disruptions were caused by a series of cyberattacks on Dyn, a provider of internet performance services to many of the biggest tech companies. Starting early Friday, Dyn experienced multiple distributed denial of service, or DDoS, attacks in which adversaries overload a victim's network with traffic directed from a large number of malware-infected devices.  

The first attack started at around 7:30 a.m. Eastern time and targeted Dyn's infrastructure in the East Coast, causing problems for several sites that depend on it for managing traffic. Throughout the day, attackers hit Dyn with a second and then a third wave of DDoS attacks that targeted the company's 18 globally distributed data centers.  

In a conference call with reporters late Friday afternoon, Dyn officials described the attacks as ongoing, highly sophisticated, and coming at the company from tens of millions of internet addresses from around the world. "This is an ongoing situation that we are monitoring closely," said Dave Allen, Dyn's general counsel. "We have seen three waves and there is no reason why we can’t expect more."

Many of the devices participating in the attack are compromised home routers, DVRs, and other equipment connected to the internet. They make up a so-called botnet comprised of malware-infected devices that has been dubbed Mirai. Attackers also used the botnet in a recent attack on the website of investigative cybersecurity blogger Brian Krebs and the other against a major French internet service provider.

Kyle York, Dyn's chief strategy officer, said there is nothing to suggest that Friday's DDoS targeted Dyn's customers, but he refused to speculate on motives or who might be responsible for the attacks.

Earlier, Mr. Krebs noted the attacks on Dyn started hours after a researcher at the company presented a talk on DDoS attacks. The talk included information the researcher provided to Krebs for an article on a security company that allegedly offers DDoS services for hire.

Still, NBC News quoted a senior US intelligence official as describing the attacks as a case of "internet vandalism." There is nothing to suggest state-sponsored activity, the official added.

Regardless of the motive, Friday's attack shows how a well-targeted attack has the potential to cause widespread havoc on the internet. 

Even though many security analysts have said concerns about attacks knocking out entire swathes of the internet are overblown, this week’s attacks show there are still plenty of opportunities to create considerable disruption.

"Providers like Dyn ... because of the nature of their business services, are attractive targets for DDoS attacks," said Tony Anscombe, senior security evangelist at Avast Software. Adversaries like going after such companies because it gives them an opportunity to maximize disruption, he said. 

Security experts have for sometime expressed serious concern over the inherent lack of security in many of the consumer and home products that are being connected to the internet these days. But few had expected that threat actors would be able to take advantage of them so quickly and so easily to launch attacks.

"The really frightening part of this is not that we will be struggling with these new attacks for some time," said Chris Sullivan, general manager of intelligence and analytics at Core Security. "But that the underlying weakness which makes them successful can and will be used to unleash more serious attacks."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Here's what crippled the internet
Read this article in
QR Code to Subscription page
Start your subscription today