DDoS attacks on Dyn

Map of the areas most affected by the attacks, 16:45 UTC, 21 October 2016 (Level3 outage map, US). [1]

Date: October 21, 2016
Time: 11:10 – 13:20 UTC; 15:50 – 17:00 UTC; 20:00 – 22:10 UTC [2]
Location: Europe and North America, especially the Eastern United States
Type: Distributed denial-of-service
Participants: Unknown
Suspects: New World Hackers, Anonymous (self-claimed)

On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. [3] [4] The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided. [5]


As a DNS provider, Dyn maps an Internet domain name (for instance, one typed into a web browser) to its corresponding IP address on behalf of end users. The distributed denial-of-service (DDoS) attack was accomplished through numerous DNS lookup requests from tens of millions of IP addresses. [6] Because name resolution failed, the affected sites became unreachable even though their own servers were still running. The activities are believed to have been executed through a botnet consisting of many Internet-connected devices—such as printers, IP cameras, residential gateways and baby monitors—that had been infected with the Mirai malware.
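The mechanism described above, a flood of lookups arriving from tens of millions of addresses at an authoritative DNS provider, is what makes this kind of attack hard to catch with per-client rate limits: no single source is doing anything unusual. The following Python script is an added example for this article, not code from Wikipedia, Dyn or any of the cited sources. It assumes a hypothetical query-log format (`<ISO timestamp> <client IP> <query name> <query type>`) and runs over constructed sample traffic to show how aggregate per-second statistics (query rate and how many distinct clients share the load) separate a distributed flood of the kind Dyn reported from a concentrated flood coming from a few sources.

```python
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable

# Hypothetical log format assumed for this example (not Dyn's real format):
#   "<ISO-8601 UTC timestamp> <client IP> <query name> <query type>"
LOG_TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


@dataclass(frozen=True)
class QueryRecord:
    ts: datetime
    client: str
    qname: str
    qtype: str


def parse_line(line: str) -> QueryRecord | None:
    """Parse one log line; malformed or blank lines yield None and are skipped."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], LOG_TS_FORMAT)
    except ValueError:
        return None
    return QueryRecord(ts, parts[1], parts[2].lower().rstrip("."), parts[3].upper())


@dataclass(frozen=True)
class WindowStats:
    second: datetime
    queries: int
    distinct_clients: int
    top_client_share: float  # fraction of the window's queries from its busiest client


def window_stats(records: Iterable[QueryRecord]) -> list[WindowStats]:
    """Aggregate queries into one-second windows, returned in time order."""
    per_second: dict[datetime, Counter[str]] = defaultdict(Counter)
    for rec in records:
        per_second[rec.ts][rec.client] += 1
    result: list[WindowStats] = []
    for sec in sorted(per_second):
        clients = per_second[sec]
        total = sum(clients.values())
        result.append(WindowStats(sec, total, len(clients), max(clients.values()) / total))
    return result


def classify(win: WindowStats, baseline_qps: float,
             spike_factor: float = 10.0, concentrated_share: float = 0.20) -> str:
    """Label a window. A flood is a query rate far above baseline; it is
    'distributed' when no single client accounts for much of it (the pattern
    Dyn described, where per-client limits never trigger) and 'concentrated'
    when a few clients dominate."""
    if win.queries < spike_factor * baseline_qps:
        return "normal"
    if win.top_client_share >= concentrated_share:
        return "flood-concentrated"
    return "flood-distributed"


def analyse(log_text: str, baseline_qps: float) -> list[tuple[str, str]]:
    """Return (window timestamp, label) for every second present in the log."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r is not None]
    return [(w.second.strftime(LOG_TS_FORMAT), classify(w, baseline_qps))
            for w in window_stats(records)]


def build_sample_log() -> str:
    """Constructed sample traffic, not real data: two quiet seconds, one second
    of a flood from thousands of distinct addresses, one second of a flood
    from three addresses, plus a malformed line the parser must ignore."""
    t0 = datetime(2016, 10, 21, 11, 9, 58)
    lines: list[str] = []

    def emit(offset: int, client: str, qname: str = "www.example.com", qtype: str = "A") -> None:
        ts = (t0 + timedelta(seconds=offset)).strftime(LOG_TS_FORMAT)
        lines.append(f"{ts} {client} {qname} {qtype}")

    for sec in (0, 1):                       # baseline: 12 queries/s from 6 clients
        for i in range(12):
            emit(sec, f"198.51.100.{i % 6 + 1}", qtype="AAAA" if i % 2 else "A")
    for i in range(3000):                    # distributed flood: one query per source
        emit(2, f"2001:db8::{i:x}")
    for i in range(3000):                    # concentrated flood: three sources
        emit(3, f"192.0.2.{i % 3 + 1}")
    lines.append("this line is malformed and must be skipped")
    return "\n".join(lines)


if __name__ == "__main__":
    for window, label in analyse(build_sample_log(), baseline_qps=12.0):
        print(window, label)
```

The thresholds (`spike_factor`, `concentrated_share`) are tuning parameters, and the baseline query rate would in practice be learned from historical traffic for the zone rather than hard-coded; the point of the split into two flood labels is that a distributed flood calls for upstream capacity and traffic scrubbing, whereas a concentrated one can be absorbed by blocking or rate-limiting a handful of sources.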

Affected services

Services affected by the attack included:

Investigation

[Video: White House spokesperson Josh Earnest responds on October 21, 2016, the day of the attack]

The US Department of Homeland Security started an investigation into the attacks, according to a White House source. [30] [31] [32] No group of hackers claimed responsibility during or in the immediate aftermath of the attack. [33] Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks. [34] Barbara Simons, a member of the advisory board of the United States Election Assistance Commission, said such attacks could affect electronic voting for overseas military or civilians. [34]

Dyn disclosed that, according to business risk intelligence firm FlashPoint and Akamai Technologies, the attack was carried out by a botnet of numerous Internet of Things (IoT) devices, including cameras, residential gateways, and baby monitors, that had been infected with Mirai malware. The attribution of the attack to the Mirai botnet had previously been reported by BackConnect Inc., another security firm. [35] Dyn stated that it was receiving malicious requests from tens of millions of IP addresses. [6] [36] Mirai is designed to brute-force the login credentials of an IoT device (typically factory-default usernames and passwords), after which the device can be controlled remotely.

Cybersecurity investigator Brian Krebs noted that the Mirai source code had been publicly released on the Internet some weeks earlier, which made identifying the perpetrator more difficult, since anyone could have built a botnet from it. [37]

On 25 October 2016, US President Obama stated that the investigators still had no idea who carried out the cyberattack. [38]

On 13 December 2017, the Justice Department announced that three men (Paras Jha, 21, Josiah White, 20, and Dalton Norman, 21) had entered guilty pleas in cybercrime cases relating to the Mirai and clickfraud botnets. [39]

Perpetrators

In correspondence with the website Politico, hacktivist groups SpainSquad, Anonymous, and New World Hackers claimed responsibility for the attack in retaliation for Ecuador's rescinding Internet access to WikiLeaks founder Julian Assange at its embassy in London, where he had been granted asylum. [5] This claim has yet to be confirmed. [5] WikiLeaks alluded to the attack on Twitter, tweeting "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point." [40] New World Hackers has claimed responsibility in the past for similar attacks targeting sites like BBC and ESPN.com. [41]

On October 26, FlashPoint stated that the attack was most likely done by script kiddies. [42]

A November 17, 2016, Forbes article reported that the attack was likely carried out by "an angry gamer". [43]

On December 9, 2020, one of the perpetrators pleaded guilty to taking part in the attack. The perpetrator's name was withheld due to his or her age. [44]

References

  1. "Level3 outage? Current problems and outages". downdetector.com. Retrieved 23 October 2016.
  2. Dyn (26 October 2016). "Official Dyn Analysis Summary". dyn.com. Retrieved 5 February 2019.
  3. Etherington, Darrell; Conger, Kate (21 October 2016). "Many sites including Twitter, Shopify and Spotify suffering outage". TechCrunch. Retrieved 21 October 2016.
  4. "The Possible Vendetta Behind the East Coast Web Slowdown". Bloomberg.com. Retrieved 21 October 2016.
  5. Romm, Tony; Geller, Eric (21 October 2016). "WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical". Politico. Retrieved 22 October 2016.
  6. Newman, Lily Hay. "What We Know About Friday's Massive East Coast Internet Outage". WIRED. Retrieved 21 October 2016.
  7. Heine, Christopher (21 October 2016). "A Major Cyber Attack Is Hurting Twitter, Spotify, Pinterest, Etsy and Other Sites". AdWeek. Retrieved 21 October 2016.
  8. Lovelace Jr., Berkeley (21 October 2016). "After cyberassault KOs Amazon, Twitter, Spotify, third attack reported". CNBC. Retrieved 21 October 2016.
  9. Turton, William. "This Is Probably Why Half the Internet Shut Down Today [Update: It's Happening Again]". Gizmodo. Retrieved 21 October 2016.
  10. Chiel, Ethan. "Here Are the Sites You Can't Access Because Someone Took the Internet Down". Fusion. Archived from the original on 22 October 2016. Retrieved 21 October 2016.
  11. Chavez, Danette (21 October 2016). "Here's why half the internet went down today". The A.V. Club. Retrieved 21 October 2016.
  12. Murdock, Jason (21 October 2016). "Twitter, Spotify, Reddit among top websites knocked offline by major DDoS attack". International Business Times UK. Retrieved 21 October 2016.
  13. Meyer, Robinson; LaFrance, Adrienne. "What's Going On With the Internet Today?". The Atlantic. Retrieved 21 October 2016.
  14. @TESOnline (21 October 2016). "We are still investigating intermittent login issues some players are experiencing across all megaservers" (Tweet) via Twitter.
  15. "Massive web attacks briefly knock out top sites". BBC News. 21 October 2016.
  16. Thielman, Sam; Johnston, Chris (21 October 2016). "Major cyber attack disrupts internet service across Europe and US". The Guardian. Retrieved 21 October 2016.
  17. Hinckley, Story (21 October 2016). "Did the East Coast just suffer a massive cyberattack?". Christian Science Monitor. Retrieved 21 October 2016.
  18. Hughes, Matthew (21 October 2016). "A massive DDOS attack against Dyn DNS is causing havoc online [Updated]". The Next Web. Retrieved 21 October 2016.
  19. "Having internet problems today? Here's what's going on". WJHG-TV. 21 October 2016. Retrieved 21 October 2016.
  20. Chacos, Brad. "Major DDoS attack on Dyn DNS knocks Spotify, Twitter, Github, PayPal, and more offline". PCWorld. Retrieved 22 October 2016.
  21. Menn, Joseph (22 October 2016). "Cyber attacks disrupt PayPal, Twitter, other sites". Reuters. Retrieved 23 October 2016.
  22. "DDoS Attack on DNS; Major sites including GitHub PSN, Twitter Suffering Outage". HackRead. 21 October 2016. Retrieved 23 October 2016.
  23. "[RESOLVED] Unscheduled Maintenance". Archived from the original on 24 October 2016. Retrieved 23 October 2016.
  24. Westerholm, Joel (24 October 2016). "Så sänktes Twitter och Regeringen.se i attacken". Sveriges Radio. Retrieved 30 October 2016.
  25. "U.S. internet disrupted as firm hit by cyberattacks". CBS News. 21 October 2016. Retrieved 21 October 2016.
  26. Lecher, Colin (21 October 2016). "Denial-of-service attacks are shutting down major websites across the internet". The Verge. Retrieved 21 October 2016.
  27. Gallagher, Sean (21 October 2016). "DoS attack on major DNS provider brings Internet to morning crawl [Updated]". Ars Technica. Retrieved 21 October 2016.
  28. Wolkenbrod, Rob (21 October 2016). "Why is the WWE Network Down on Friday, October 21?". Daily DDT. Archived from the original on 22 October 2016. Retrieved 22 October 2016.
  29. Sarkar, Samit (21 October 2016). "Massive DDoS attack affecting PSN, some Xbox Live apps (update)". Polygon. Retrieved 23 October 2016.
  30. Etherington, Darrell; Conger, Kate (21 October 2016). "Many sites including Twitter, Shopify and Spotify suffering outage". TechCrunch. Retrieved 21 October 2016.
  31. "Government probes major cyberattack causing internet outages". Politico. Retrieved 21 October 2016.
  32. Finkle, Jim; Volz, Dustin. "Homeland Security Is 'Investigating All Potential Causes' of Internet Disruptions". Time. Retrieved 21 October 2016.
  33. "Popular sites like Amazon, Twitter and Netflix suffer outages". CNN Money (money.cnn.com). 21 October 2016. Retrieved 21 October 2016.
  34. Perlroth, Nicole; McCann, Erin (21 October 2016). "No, It's Not Just You. The Internet Is (Still) Having Problems". The New York Times. ISSN 0362-4331. Retrieved 21 October 2016.
  35. "Blame the Internet of Things for Destroying the Internet Today". Motherboard. Retrieved 27 October 2016.
  36. Perlroth, Nicole (21 October 2016). "Internet Attack Spreads, Disrupting Major Websites". The New York Times. ISSN 0362-4331. Retrieved 22 October 2016.
  37. Statt, Nick (21 October 2016). "How an army of vulnerable gadgets took down the web today". The Verge. Retrieved 21 October 2016.
  38. "Obama: We have no idea who carried out huge cyberattack". CNN. 25 October 2016.
  39. "Justice Department Announces Charges And Guilty Pleas In Three Computer Crime Cases Involving Significant Cyber Attacks". US Department of Justice. 13 December 2017.
  40. Han, Esther (22 October 2016). "WikiLeaks claims its supporters are behind the massive DDoS cyber attack". The Sydney Morning Herald. Retrieved 22 October 2016.
  41. Satter, Raphael; Fowler, Bree; Bajak (21 October 2016). "Cyberattacks on Key Internet Firm Disrupt Internet Services". The New York Times. ISSN 0362-4331. Archived from the original on 25 October 2016. Retrieved 22 October 2016.
  42. Lomas, Natasha (26 October 2016). "Dyn DNS DDoS likely the work of script kiddies, says FlashPoint". TechCrunch. Retrieved 26 October 2016.
  43. Mathews, Lee (17 November 2016). "Angry Gamer Blamed For Most Devastating DDoS Of 2016". Forbes.com. Retrieved 20 April 2018.
  44. "Individual Pleads Guilty to Participating in Internet-of-Things Cyberattack in 2016". justice.gov. 9 December 2020. Retrieved 7 January 2021.