US internet repeatedly disrupted by cyberattacks on key firm

The Associated Press

Cyberattacks on a key internet firm repeatedly disrupted the availability of popular websites across the East Coast of the United States on Friday, according to analysts and company officials.

The White House described the disruption as malicious. Members of a hacker group spread across China and Russia claimed responsibility, although their assertion couldn't be verified.

Manchester, N.H.-based Dyn Inc. said its server infrastructure was hit by what are known as distributed denial-of-service attacks, which work by overwhelming targeted machines with junk data. The attack affected users trying to access popular websites across America and in Europe, including such sites as Twitter, Netflix and PayPal.

The level of disruption was difficult to gauge, but Dyn provides internet traffic management and optimization services to some of the biggest names on the web. Critically, Dyn provides domain name services, which translate addresses such as "" into an online route for browsers and applications.

Steve Grobman, chief technology officer at Intel Security, compared an outage at a domain name services company to tearing up a map or turning off GPS before driving to the department store.

"It doesn't matter that the store is fully open or operational if you have no idea how to get there," he said.

Jason Read, founder of the internet performance monitoring firm CloudHarmony, said his company tracked a half-hour-long disruption early Friday in which roughly one in two users would have found it impossible to access various websites from the East Coast. A second attack later in the day caused disruption to both coasts as well as affecting some users in Europe.

"It's been pretty busy for those guys," Read said. "We've been monitoring Dyn for years, and this is by far the worst outage event that we've observed."

Read said Dyn provides services to some 6 percent of America's Fortune 500 companies.

"It impacted quite a few users," he said of the morning's attack.

Members of a shadowy hacker collective that calls itself New World Hackers claimed responsibility for the attack via Twitter. They said they organized networks of connected "zombie" computers that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.

"We didn't do this to attract federal agents, only test power," two collective members who identified themselves as "Prophet" and "Zain" told an Associated Press reporter via Twitter direct message exchange. It was not immediately possible to verify their claim.

Dyn officials said they did not know who was behind the attacks or if they were orchestrated by a state-backed group or online activists or pranksters. They said they have received no claim of responsibility, but are working with law enforcement.

The collective, @NewWorldHacking on Twitter, has in the past claimed responsibility for similar attacks against sites including in September and the BBC on Dec. 31. The collective also claimed responsibility for cyberattacks against Islamic State.

Another collective member the AP previously communicated with via direct message called himself "Ownz" and identified himself as a 19-year-old in London. He told the AP that the group — or at least he — sought through hacking only to expose security vulnerabilities.

During the attack on the ESPN site, "Ownz" was asked if the collective made any demands on sites it attacked, such as demanding blackmail money.

"We will make one demand actually… Secure your website and get better servers, otherwise be attacked again," he said.

Dyn said in a series of statements that it first became aware of the attack around 7 a.m. Friday and that services were restored about two hours later. But around two hours after that, the company said it was working to mitigate another attack.

For James Norton, the former deputy secretary at the Department of Homeland Security who now teaches cybersecurity policy at the Johns Hopkins University, the incident was an example of how attacks on key junctures in the network can yield massive disruption.

"I think you can see how fragile the internet network actually is," he said.

The U.S. Department of Homeland Security is monitoring the situation, White House spokesman Josh Earnest told reporters Friday. He said he had no information about who might be behind the disruption.

Security experts have recently expressed concern over increasing power of denial-of-service attacks following high-profile electronic assaults against investigative journalist Brian Krebs and French internet service provider OVH .

In a widely shared essay titled "Someone Is Learning How to Take Down the Internet," respected security expert Bruce Schneier said last month that major internet infrastructure companies were seeing a series of worrying denial-of-service attacks.

"Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services," he said.

These distributed denial of service, or DdoS, attacks are on the rise, said Vince Berk, chief executive of FlowTraq, a network security company that specializes in detecting and defeating DDoS attacks.

As security experts get better at keeping threats at bay, hackers are turning increasingly to the DDoS attack, which he described as the "crudest form of an attack you can perpetrate."

Such attacks effectively block users trying to access a site. If you wanted to slow down business at a bricks-and-mortar post office, for example, you could gather a thousand friends to get in line all at once and buy 100 stamps each. That would prevent other customers who want to mail packages from getting service. This is similar to how a DDoS attack works, Berk said.

To attack a company as large as Dyn, a hacker needs to commandeer a large number of computers and program them to all start sending traffic to Dyn at the same time. By doing this, the hacker will clog up the site with so much "junk traffic" that they cannot serve actual customers, according to a blog post from security expert Brian Krebs, whose own site was the target of a DDoS attack in September.

Companies like Dyn are a "prime target," Berk said, because of their role in communicating with internet browsers to translate a web address into an IP address — the numeric code that corresponds to a web page. By attacking a company like Dyn, hackers can take down a vast number of websites at once.

The exact magnitude of the attack is unclear at this point, Berk said.

The Los Angeles Times contributed to this article.


Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad