Major websites were inaccessible across the United States on Friday after Dyn, whose servers monitor and reroute internet traffic, was targeted by a distributed denial-of-service (DDoS) attack just after 7 a.m. Dyn is one of a few companies that host key parts of the internet’s infrastructure. During the attack, many sites were inaccessible on the East Coast, but the outage spread west in three waves over the course of several hours.
The DDoS relied on hundreds of thousands of internet-connected devices—including cameras, cell phones, and so on—infected with software that allows hackers to command them to flood the target, in this case Dyn, with enough traffic to shut it down or slow it significantly. This system of hijacked and infected devices is called a “botnet”. Dyn, based in Manchester, N.H., said it stopped the DDoS by 9:30 a.m., but at 11:52 a.m. Dyn was attacked again. The third and final DDoS came at 5 p.m.
The FBI and the Department of Homeland Security looked for any and all potential sources of the attack.
John McAfee, developer of the first commercial anti-virus program, has reason to believe that North Korea was behind the attack. “The Dark Web is rife with speculation that North Korea is responsible for the Dyn hack,” said McAfee. Specifically, McAfee suspects Bureau 121, a North Korean cyberwarfare agency with almost 2,000 state-sponsored hackers, is responsible. “They certainly have the capability, and, if it’s true, then forensic analysis will point to either Russia, China, or some group within the U.S.”
Kyle York, Dyn’s chief strategist, said his company and many others like it have been the targets of increasingly frequent DDoS attacks. “The number and types of attacks, the duration of attacks and the complexity of these attacks are all on the rise,” Mr. York said. Security researchers have long warned that the increasing number of devices using the internet could be harnessed in this exact way, but on a much larger scale.
This type of coordinated attack has happened before. KrebsOnSecurity reported back in September that “BackConnect Inc.—a company that defends victims against large-scale distributed denial-of-service (DDoS) attacks—admitted to hijacking hundreds of Internet addresses from a European Internet service provider in order to glean information about attackers who were targeting BackConnect,” adding, “BackConnect appears to have a history of such ‘hacking back’ activity.”
On Friday, McAfee said, “Bureau 121 left trails to an American company that offers services to counter DDoS attacks. The company was not named. When found, I guarantee that the company might have had cause to launch the attack. This is how sophisticated hacks work.”