The Department of Homeland Security is investigating a massive cyberattack that barred users across the country from visiting Twitter, Spotify, SoundCloud and other sites Friday by targeting a firm responsible for routing internet traffic their way.
Dyn, a New Hampshire internet services company, reported early Friday that a large-scale yet unsophisticated attack temporarily overwhelmed its servers. Hours later, the company said, service was back to normal, but shortly thereafter, Dyn again said it was under attack. By the early afternoon, Dyn said it was investigating and mitigating "several attacks."
Dyn serves as a directory that links web addresses to specific numeric codes, called IP addresses, that computers use to communicate with each other. Because so many companies rely on Dyn as a go-between, the effect was widespread.
Users reported outages and slowdowns at sites including GitHub, Netflix, The New York Times, The Boston Globe and Vox Media, among others.
Hackers used an attack known as a distributed denial of service, or DDoS. It's a method that's on the rise, said Vince Berk, chief executive of FlowTraq, a network security company that specializes in detecting and defeating DDoS attacks.
As security experts get better at keeping threats at bay, hackers are increasingly turning to DDoS attacks, which he described as the "crudest form of an attack you can perpetrate."
A DDoS attack blocks users trying to access a site by overloading the site with traffic. Imagine, for instance, that a thousand people showed up at a post office at once to buy stamps. The glut of traffic would prevent other customers who wanted to mail packages from getting service.
That is similar to how a DDoS attack works, Berk said.
To attack a company as large as Dyn, a hacker needs to commandeer a large number of computers or internet-connected devices and program them to all start sending traffic to Dyn at the same time. By doing this, the hacker will clog up the site with so much "junk traffic" that it cannot serve actual customers, according to a blog post from security expert Brian Krebs, whose own site was the target of a DDoS attack in September.
Companies like Dyn are a "prime target," Berk said, because of their role in communicating with internet browsers to translate a web address into an IP address, the numeric code that corresponds to a web page. By attacking a company like Dyn, hackers can take down a vast number of websites at once.
The exact magnitude of the attack is unclear at this point, Berk said.
The widespread outages come at a time of increased concern about cybersecurity. This month, private emails of Hillary Clinton's campaign chairman appeared on WikiLeaks, allegedly obtained by Russian hackers.
Hacking an email server is more targeted than a DDoS attack, which aims to cause disruption, said Justin Cappos, a professor in the computer science and engineering department at NYU.
Many DDoS attacks are performed by individuals who threaten to unleash a flood of traffic unless a victim pays a bribe. Some are performed by hackers intent on gaining notoriety or causing a headache for the sites they take down. Recently, some DDoS attacks have been perpetrated by state-sponsored groups probing internet infrastructure, Cappos said.
But he warned it will take time to identify the culprit.
The internet security world has been on edge since the attack on Krebs' site, believed to be the largest DDoS attack ever.
Krebs and others attribute its scale to compromised internet-connected devices, from security cameras to thermostats. Their rapid spread and lax security standards could open a new front in cyber warfare.
Krebs said he wasn't surprised Friday's attack garnered attention from the general public.
"Any time you have such a broad range of popular sites go offline because of an attack on one infrastructure provider ... it tends to be a pretty impactful attack," he said.