This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain: our internet is frightfully fragile in the face of increasingly sophisticated hacks.
Some think the attack was a political conspiracy, like an attempt to take down the internet so that people wouldn't be able to read the leaked Clinton emails on Wikileaks. Others think it's the usual Russian assault. No matter who did it, we should expect incidents like this to get worse in the future. While DDoS attacks used to be a pretty weak threat, we're entering a new era.
DDoS attacks, at the most basic level, work like this. An attacker sends a flurry of packets, essentially just garbage data, to an intended recipient. In this case, the recipient was Dyn's DNS servers. The server is overwhelmed with the garbage packets and can't handle the incoming connections, eventually slowing down significantly or shutting down entirely. In the case of Dyn, it was probably a little more complex than this. Dyn almost certainly has advanced systems for DDoS mitigation, and the people who attacked Dyn (whoever they are) were probably using something more advanced than a PC in their mum's basement.
Recently, we've entered into a new DDoS paradigm. As security blogger Brian Krebs notes, the newfound ability to hijack insecure internet of things devices and turn them into a massive DDoS army has contributed to an uptick in the size and scale of recent DDoS attacks. (We're not sure if an IoT botnet was what took down Dyn this morning, but it would be a pretty good guess.)
We are nevertheless getting a taste of what the new era of DDoS attacks looks like. As security expert Bruce Schneier explained in a blog post:
"Over the past year or two, someone has been probing the defences of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses."
This sort of attack is deeply different from the headline-grabbing DDoS attacks of years past. In 2011, hacker collective Anonymous rose to fame with DDoS attacks that pale in comparison to today's attack on Dyn. Instead of taking out an individual website for short periods of time, hackers were able to take down a major piece of the internet backbone for an entire morning -- not once but twice. That's huge.
If hackers are more easily able to amass extensive DDoS botnets, that means the internet as we know it becomes more vulnerable. Attacking major internet infrastructure like Dyn has always been a possibility, but if it becomes easier than ever to launch huge DDoS attacks, that means we might be seeing some of our favourite sites have more downtime than usual. These attacks could extend to other major pieces of internet infrastructure, causing even more widespread outages.
This could be the beginning of a very bleak future. If hackers are able to take down the internet at will, what happens next? It's unclear how long it could take for the folks at Dyn to fix this problem, or if they will ever be able to solve the problem of being hit with a huge DDoS attack. But this new breed of DDoS attacks is a scary problem no matter how you look at it.