A MAJOR distributed denial-of-service (DDoS) attack took place earlier, affecting a number of global websites including Spotify and Twitter.
It seems that the hackers went straight to the source, making DNS provider Dyn their target. Other sites said to be affected included SoundCloud, Shopify, GitHub, Airbnb and Reddit.
And that’s just for starters. Attacking a DNS provider is like blowing up the telephone exchange: computers have the traffic but don’t know where to route it to.
The attack was targeted at US users, and European and Asian IP addresses had more success accessing the sites, but it was still a bit iffy.
Dyn posted this tweet at lunchtime after first becoming aware of the attack at around midday (UK):
"We are aware of the ongoing service interruption of our Managed DNS network. For more information visit our status page." — Dyn (@Dyn) October 21, 2016
Helpfully, it doesn’t supply a link, but the Dyn status page is here.
The information confirms that the attack was centred on the eastern US, and that customers (i.e. websites) in that area were the most likely to be affected.
Richard Meeus, VP of technology EMEA at NSFOCUS, a DDoS mitigation company, commented: "DNS has often been neglected in terms of its security and availability from an enterprise perspective.
"It is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on.
"This attack highlights how critical DNS is to maintaining a stable and secure internet presence, and that the DDoS mitigation processes businesses have in place are just as relevant to their DNS service as they are to the web servers and data centres."
Dyn confirmed that service was restored at around 14.20 (UK), but the repercussions will take longer to propagate across the interwebs, and will leave lingering questions about the safety of a side of the internet that leaves a lot of eggs in a single basket. µ