Internet users across the United States on Friday were blocked from accessing popular websites like Twitter, Reddit, HBO, Netflix, and others, as part of what officials are calling an “unprecedented” cyberattack. The cyberweapons? Ordinary smart devices, like baby monitors and webcams — the array of devices comprising the “internet of things” — were hijacked by hackers and transformed into conduits for a massive online assault.
The attacks came in three waves, starting at about 7 a.m. on the East Coast of the U.S., and then spread across the country and into Europe, with the last one rolling in at about 4 p.m. ET.
The target of the attack was a company called Dyn, whose servers reroute traffic for some of the busiest sites on the web. You’d probably never heard of Dyn until now, but it’s an essential component to how the internet works. According to the company, its service acts as a “phone book for the internet,” connecting the web address you type in your browser to the IP address the computer ultimately needs to locate your destination.
Dyn concluded on Saturday that it had been hit by a “sophisticated” “distributed denial-of-service attack (DDoS),” meaning it had been overwhelmed by a flood of junk traffic requests, rendering many of the websites it services inaccessible.
Though Dyn’s Chief Strategy Officer Kyle York said DDoS attacks are not uncommon in this day and age, Friday’s attack was at a scale he had never seen before and involved “tens of millions of IP addresses” associated with the Mirai malware.
Security firm Flashpoint said on Saturday that hackers had established a “botnet,” a network of personal computers or devices that have been infected with malware without the owner’s knowledge. In this case, hackers created a botnet using a web of smart devices, like webcams, baby monitors, and thermostats, which they infected with malicious software and then unleashed as part of a massive DDoS attack.
Affected websites included PayPal, the BBC, Etsy, Tumblr, Yelp, The New York Times, Starbucks, Visa, CNN, Spotify, the PlayStation Network, and Airbnb.
Who was responsible?
Hacktivist groups Anonymous and New World Hackers were quick to claim responsibility for the online siege. The shadowy online groups said the attacks were in retaliation for the Ecuadorian government’s decision to cut off WikiLeaks founder Julian Assange’s internet access last week. But experts and investigators remain skeptical, Politico reported, because they doubt that those groups have the capability to orchestrate such a large-scale attack.
On Sunday, New World Hackers posted a letter on Twitter announcing they were “done hacking” and had considered retirement.
Nevertheless, the U.S. Department of Homeland Security and the FBI said they are investigating “all potential causes” of the attack on Dyn. Both declined to speculate as to who was behind it.
Heightened security concerns
Friday’s online siege follows months of heightened cybersecurity fears in the U.S. after hackers breached Democratic political organizations earlier this year. National cybersecurity officials have blamed those attacks on hackers working on behalf of Russia’s intelligence agency.
Yet it was too early to identify the origins of Friday’s massive DDoS attack, and cybersecurity experts who spoke to NBC News cautioned against jumping to conclusions. A representative from the New World Hackers “Prophet” told Politico that their group was not affiliated with Russia. “Russia is against the U.S. and we are against Russia,” Prophet said.
Many Americans are particularly concerned that hackers could interfere with the fast-approaching presidential election. A recent survey conducted by security firm Carbon Black found that one in five voting Americans considered skipping the polling booth this year, citing hacking fears.
In February, at the Senate Armed Services Committee, director of National Intelligence James Clapper said that cybersecurity was the agency’s number one concern. Clapper particularly highlighted the agency’s concern regarding attacks by “ideologically motivated hackers.” And CIA director John Brennan cited similar concerns during an interview with CBS’ “60 Minutes” earlier this year.
Dynatrace, which monitors more than 150 websites, said a little more than half had been affected in Friday’s attacks, resulting in a loss of up to $110 million in revenue and sales, CNN Money reported.
Security experts have recently warned that DDoS attacks like the one on Friday will likely grow stronger in the coming years, especially if calls to better secure the ever-expanding “internet of things” go unheeded.