On Friday, a network of diverse Internet-connected devices targeted the Dyn domain registration service provider. It took down Dyn clients, including several popular websites such as Twitter, Netflix, Spotify, Reddit, New York Times, and Wired.
The attack involved targeting Dyn’s domain name system servers with a large volume of requests, rendering it incapable of serving replies to legitimate requests — a DDoS (distributed denial of service) attack. Users’ browsers and other clients sent requests to Dyn to resolve the respective web sites’ domain names to an IP, but did not get a reply within the time required.
The first attack started at about 7am local time (UTC-4) and was resolved in two hours. A second attack started at mid-day, and a third attack started at about 4pm local time. Tens of millions of malicious request sources were observed, interfering with legitimate Dyn traffic.
The reports noted the malicious devices included internet-connected devices — not only servers and desktops, but also webcams, digital video recorders, routers — referred to as the Internet of Things.
On Friday evening Dyn said a security company Flashpoint and a cloud services provider Akamai identified symptoms of malware Mirai participating in the attacks. The malware infects the devices by brute forcing their passwords. This strategy may work as a consequence of users’ negligence towards password security of stationary devices, which the users do not directly interact with in their everyday life while leaving them exposed to the Internet.
Matthew Prince, the CEO of an Internet infrastructure company Cloudflare said it’s a known issue, “There’s nothing really new about [this type of DDoS attack]. We’ve seen them for at least the last three years, they tend to be difficult to stop”.
Public release of Mirai source code was announced at Hackforums on September 30.
Dyn’s corporate headquarters are in New Hampshire.