That’s the question asked by Popular Mechanics writer Eric Limer, who wrote an article explaining the massive internet outage that hit the East Coast on Friday, saying the attack may be only the beginning.
The Distributed Denial of Service attack (DDoS) used thousands upon thousands of computers and other internet-connected devices to attack the internet performance company Dyn. USA Today explains a DDoS incident:
As part of its business, Dyn provides DNS services for a given swath of the Internet, effectively its address book. DNS stands for Domain Name System, the decentralized network of files that list the domain names human beings use, such as usatoday.com, with their numeric Internet Protocol addresses, such as 18.104.22.168, which is how computers look for websites. These are computers that contain databases of URLs and the Internet Protocol addresses they represent.
“If you go to a site, say yahoo.com, your browser needs to know what the underlying Internet address that’s associated with that URL is. DNS is the service that does that conversion,” said Steve Grobman, chief technology officer for Intel Security.
For example, the IP address for yahoo.com is 22.214.171.124.
The attack hit the Dyn server that contains that address book. Dyn provides that service to multiple Internet companies. For anyone linked to a computer that used the service, when they entered twitter.com or tumblr.com or Spotify.com, via a complex series of jumps the address book is able to tell their browser which numerical IP address to look at.
The DDoS attack floods that server with illegitimate requests, so many that very few real requests can get through. The user gets a message that the server is not available. Service is intermittent because a few requests are sometimes still able to go through.
As Limer explains, this was the largest DDoS attack in history — almost 3 times the size of any previous incident. What made it possible was the posting of the source code for a botnet known as “Mirai” that allows relatively easy access to all the “smart” devices in our homes — DVRs, smart refrigerators and thermostats among many. Hence, his wry observation, “Have you changed the password on your smart fridge lately? I thought not.”
That piece of malware coupled with the targeting of Dyn, led to a day of chaos on the East Coast internet:
The Mirai code focuses on all kinds of smart devices including cameras to internet-connected fridges, but its bread and butter is DVRs. Of the nearly 500,000 devices known to be compromised by the Mirai malware, some 80 percent of them are DVRs, according to an in-depth investigation of by Level 3 communications.
These infected DVRs, along with a few thousand other gadgets, can drive ludicrous amounts of traffic. Devices compromised by this malware were responsible for a 620Gbps attack against the security website Krebs on Security in September, the biggest DDoS the world had ever seen, at the time. Reports from the security firm Flashpoint, by way of Brian Krebs, suggest that it is a botnet based on exactly this technology that is responsible for today’s outages, and Dyn has since confirmed this suspicion to TechCrunch.
Last month, security researcher Bruce Schneier started sounding the alarm that someone or something was carefully probing the internet for weakness. A scary prospect on its own, and one followed shortly thereafter by the full release of the Mirai code for any ne’er-do-well to use. Today’s attack, it would seem, is a confluence of these two events: An attacker who has been carefully surveying the internet for weak points is now openly wielding one of the most capable blunt weapons we’ve ever seen blast the web.
The most terrifying part: This is probably only the beginning.
The obvious question: Was this some sort of dry run for an attack on the internet on Election Day? Since a DDoS attack does not require penetration of computers, the resulting internet outages would be inconvenient but manageable. No doubt the psychological impact of such an attack would be far greater than any damage caused by it.
A shadowy group calling themselves New World Hackers claimed responsibility on Twitter, but it’s too early to verify such a claim. Regardless, the enormous power of these hackers would only need a mind bent on destruction to make a nightmare scenario become reality.