Twitter wasn't working and neither was Netflix. Spotify was down, too. And anyone visiting Amazon, PayPal, or Reddit probably encountered trouble on the web.
For much of the day Friday, the internet's core infrastructure was under a massive attack, shutting off access to many sites and slowing down the internet for much of the East Coast.
The disruptions were caused by a series of cyberattacks on Dyn, a provider of internet performance services to many of the biggest tech companies. Starting early Friday, Dyn experienced multiple distributed denial of service, or DDoS, attacks in which adversaries overload a victim's network with traffic directed from a large number of malware-infected devices.
The first attack started at around 7:30 a.m. Eastern time and targeted Dyn's infrastructure in the East Coast, causing problems for several sites that depend on it for managing traffic. Throughout the day, attackers hit Dyn with a second and then a third wave of DDoS attacks that targeted the company's 18 globally distributed data centers.
In a conference call with reporters late Friday afternoon, Dyn officials described the attacks as ongoing, highly sophisticated, and coming at the company from tens of millions of internet addresses from around the world. "This is an ongoing situation that we are monitoring closely," said Dave Allen, Dyn's general counsel. "We have seen three waves and there is no reason why we can’t expect more."
Many of the devices participating in the attack are compromised home routers, DVRs, and other equipment connected to the internet. They make up a so-called botnet comprised of malware-infected devices that has been dubbed Mirai. Attackers also used the botnet in a recent attack on the website of investigative cybersecurity blogger Brian Krebs and the other against a major French internet service provider.
Kyle York, Dyn's chief strategy officer, said there is nothing to suggest that Friday's DDoS targeted Dyn's customers, but he refused to speculate on motives or who might be responsible for the attacks.
Earlier, Mr. Krebs noted the attacks on Dyn started hours after a researcher at the company presented a talk on DDoS attacks. The talk included information the researcher provided to Krebs for an article on a security company that allegedly offers DDoS services for hire.
Still, NBC News quoted a senior US intelligence official as describing the attacks as a case of "internet vandalism." There is nothing to suggest state-sponsored activity, the official added.
Regardless of the motive, Friday's attack shows how a well-targeted attack has the potential to cause widespread havoc on the internet.
Even though many security analysts have said concerns about attacks knocking out entire swathes of the internet are overblown, this week’s attacks show there are still plenty of opportunities to create considerable disruption.
"Providers like Dyn ... because of the nature of their business services, are attractive targets for DDoS attacks," said Tony Anscombe, senior security evangelist at Avast Software. Adversaries like going after such companies because it gives them an opportunity to maximize disruption, he said.
Security experts have for sometime expressed serious concern over the inherent lack of security in many of the consumer and home products that are being connected to the internet these days. But few had expected that threat actors would be able to take advantage of them so quickly and so easily to launch attacks.
"The really frightening part of this is not that we will be struggling with these new attacks for some time," said Chris Sullivan, general manager of intelligence and analytics at Core Security. "But that the underlying weakness which makes them successful can and will be used to unleash more serious attacks."