
You have probably heard about the recent outages of huge websites, including Twitter, Netflix, Reddit, Spotify and many others. This large-scale internet outage was the result of a massive distributed denial of service (DDoS) attack on Dyn, one of the biggest providers of internet services in the world. Dyn runs domain name servers, or DNS.

How did this happen?

I reached out to Jon Norwood of the High Speed Internet Access Guide (HSIAG) and asked how one DDoS attack could possibly take out this many websites. Norwood explained that,

“Taking down websites the size of Netflix, Twitter and Reddit is a massive undertaking. However, we know it’s possible to have a distributed denial of service attack so large you can take down an entire country. To understand how this attack worked you must first understand how DNS works. DNS [Domain Name Servers] are the internet’s address book, translating an IP Address to the website URLs we all see. If the DNS provider is down and you go to, say, reddit.com, you will not be able to access the site. Restricting DNS servers was the core idea behind SOPA and PIPA years back.”

I asked why some parts of these websites are still available. Norwood responded by saying,

“Many parts of these sites are hosted on a Content Delivery Network, perhaps with another DNS server, or are still cached,” and added, “This type of attack is going to become more and more common as cyber criminals become more adept at using the tools we have available. The fact we don’t have attacks like this all the time is what’s surprising.”
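Norwood's two points, that a site whose DNS provider is unreachable cannot be resolved, and that cached answers and second providers keep parts of it reachable, can be shown with a small model. The following is an added example, not code from the article, from Dyn, or from HSIAG: a toy caching resolver in front of a toy authoritative server whose `online` flag stands in for the provider being knocked out, plus a check of how many distinct providers a zone's nameservers belong to. All hostnames, addresses and provider names in it are constructed; the serve-stale fallback models the behaviour later standardised in RFC 8767.

```python
"""Toy model: a caching resolver in front of an authoritative DNS server.

Added illustration; every hostname, address and provider name below is
constructed and unrelated to Dyn or the sites named in the article.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class CachedRecord:
    value: str         # the answer (an IPv4 address here)
    ttl: int           # seconds the answer may be reused
    fetched_at: float  # time, in seconds, at which the answer was obtained


class AuthoritativeServer:
    """Holds a zone; `online=False` stands in for the provider being unreachable."""

    def __init__(self, zone: Dict[str, Tuple[str, int]], online: bool = True):
        self.zone = zone
        self.online = online

    def query(self, name: str) -> Tuple[str, int]:
        if not self.online:
            raise TimeoutError(f"no answer from authoritative server for {name}")
        return self.zone[name]  # KeyError for names outside the zone


class CachingResolver:
    """Recursive resolver with a TTL cache and an optional serve-stale fallback."""

    def __init__(self, upstream: AuthoritativeServer, serve_stale: bool = False):
        self.upstream = upstream
        self.serve_stale = serve_stale
        self.cache: Dict[str, CachedRecord] = {}

    def resolve(self, name: str, now: float) -> Tuple[str, str]:
        """Return (answer, source); source is 'cache', 'authoritative' or 'stale'."""
        rec = self.cache.get(name)
        if rec is not None and now - rec.fetched_at < rec.ttl:
            return rec.value, "cache"          # TTL still valid: upstream is never contacted
        try:
            value, ttl = self.upstream.query(name)
        except TimeoutError:
            if rec is not None and self.serve_stale:
                return rec.value, "stale"      # an expired answer beats no answer at all
            raise
        self.cache[name] = CachedRecord(value, ttl, now)
        return value, "authoritative"


def try_resolve(resolver: CachingResolver, name: str, now: float) -> Tuple[Optional[str], str]:
    """Like resolve(), but reports (None, 'unavailable') instead of raising on upstream failure."""
    try:
        return resolver.resolve(name, now)
    except TimeoutError:
        return None, "unavailable"


def provider_of(ns_host: str) -> str:
    """Collapse a nameserver hostname to its last two labels, as a rough provider key."""
    labels = ns_host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def nameserver_providers(ns_hosts: List[str]) -> Dict[str, List[str]]:
    """Group a zone's NS hostnames by provider to see how many providers it depends on."""
    groups: Dict[str, List[str]] = {}
    for host in ns_hosts:
        groups.setdefault(provider_of(host), []).append(host)
    return groups


def depends_on_single_provider(ns_hosts: List[str]) -> bool:
    return len(nameserver_providers(ns_hosts)) == 1


if __name__ == "__main__":
    # Constructed zone: one name, 300-second TTL, documentation address.
    zone = {"www.site.example": ("203.0.113.10", 300)}
    auth = AuthoritativeServer(zone)
    resolver = CachingResolver(auth, serve_stale=True)
    print(resolver.resolve("www.site.example", now=0))      # authoritative
    print(resolver.resolve("www.site.example", now=100))    # cache
    auth.online = False                                     # provider goes down
    print(resolver.resolve("www.site.example", now=200))    # still cache
    print(try_resolve(resolver, "www.site.example", 400))   # stale (TTL expired)
    print(nameserver_providers(["ns1.bigdns.example", "ns2.bigdns.example"]))
```

Two things follow from running it. A resolver keeps answering from cache until the TTL runs out even while the authoritative servers are unreachable, which is why parts of a site stay up for a while and why a short TTL shortens that grace period; and a zone whose NS records all fall under one provider key has a single point of failure that a second provider's nameservers would remove.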

Who is behind this attack?

I asked another John for some insight as to who is behind this attack. John McAfee is a man who requires no introduction, as the founder of the anti-virus software company that bears his name and a one-time U.S. presidential candidate. In an email, McAfee said,

“My sources say that Bureau 121, the Korean State hacking group, is responsible. Further they left false trails pointing to Backconnect, an American company, as being responsible. If all evidence points to this American company, then, with 100% certainty, it is not them. Anyone who is capable of carrying out a hack of such sophistication is also capable, with far less effort than that involved in the hack, of hiding their tracks or making it appear that the hack came from some other quarter. The forensic tools used to assign culpability in a hack are well known, in the cybersecurity world, to be largely ineffective. They may, sometimes, correctly identify an unsophisticated 15-year-old as the source of a hack, such as the teenager who hacked the FBI less than a year ago. But they are completely ineffective against large, sophisticated groups of hackers such as those run by the Korean State. Backconnect has a history of spoofing IP addresses, so they make a perfect fall guy.”

I then received the following email from McAfee:

“I also believe that this attack was the harbinger of near future attacks that will be much more devastating. I believe the smaller prior attacks served to identify weaknesses in the Internet’s infrastructure. Clearly there are weaknesses. Anticipate that these will be exploited in a big way.”

While we have no certainty about who is behind these attacks, Dyn has said that its engineers are working to mitigate the issue and that it will post more information once it is clear what is going on.


Photo Credit: Gage Skidmore