Denial of service attack from unknown culprits on domain name system company Dyn caused access to be severely restricted for users on Friday

This article is more than 3 years old

This article is more than 3 years old

US officials are investigating multiple attacks that caused widespread online disruption on both sides of the Atlantic on Friday.



The Department of Homeland Security has begun an investigation into the DDoS (distributed denial-of-service) attack, the Guardian confirmed.

The incident took offline some of the most popular sites on the web, including Netflix, Twitter, Spotify, Reddit, CNN, PayPal, Pinterest and Fox News – as well as newspapers including the Guardian, the New York Times and the Wall Street Journal.

The attacks seemed to have been focused on Dyn, one of the companies that run the internet’s domain name system (DNS).

Amazon’s web services division, the world’s biggest cloud computing company, also reported an outage that lasted several hours on Friday morning.

Doug Madory, director of internet analysis at Dyn, said he was not sure if the outages at Dyn and Amazon were connected.

“We provide service to Amazon, but theirs is a complex network so it is hard to be definitive about causality,” he said.

Amazon was not available for comment.

Dyn said it first became aware of the attack shortly after 7am ET on Friday. “We began monitoring and mitigating a DDoS [distributed denial-of-service] attack against our Dyn Managed DNS infrastructure,” the company said on its website.

The company sent out updates throughout the day, confirming a second attack at about noon and a third just after 4pm.

DDoS attacks are also becoming more common. Brian Krebs, an independent security researcher, observed earlier this month that the “source code” to the Mirai botnet had been released by a hacker group, “virtually guaranteeing that the internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices”.



The Mirai botnet is a network of devices infected with self-propagating malware; Krebs himself was attacked by the malware’s creators.

Cybersecurity firm Flashpoint attributed the attack to malware based on the Mirai source code. Krebs added his own investigation late Friday: “Separately, I have heard from a trusted source who’s been tracking this activity and saw chatter in the cybercrime underground yesterday discussing a plan to attack Dyn.”

Dyn was investigating another attack on Friday afternoon that caused similar problems to the outages experienced in the morning.

The firm said it was still trying to determine how the attack led to the outage. “Our first priority over the last couple of hours has been our customers and restoring their performance,” said executive vice-president Scott Hilton.

The tech website Gizmodo wrote: “This new wave of attacks seems to be affecting the West Coast of the United States and Europe. It’s so far unclear how the two attacks are related, but the outages are very similar.”

No one has yet claimed responsibility for the attacks, according to researchers.

Robert Page, lead penetration tester at security firm Redscan, said: “It’s interesting that nobody has yet claimed credit for the attack. The relative ease at which DDoS attacks are to execute, however, suggests that the perpetrators are most likely teenagers looking to cause mischief rather than malicious state-sponsored attackers.”

The attacks underline a serious vulnerability in the way the internet functions. David Gibson, of commercial security software firm Varonis, said: “DNS is one of the ageing technologies the industry is struggling to update, along with one-factor authentication (password-only security), unencrypted web connections – the list is very long, and the stakes have never been higher.”

In a widely shared essay, Someone Is Learning How to Take Down the Internet, respected security expert Bruce Schneier said recently that major internet infrastructure companies had been the subject of a series of significant DDoS attacks that looked like someone was trying to test their systems for weaknesses.

Schneier said he could not provide details because the companies provided him the information confidentially, but that he felt the need to warn the public of the potential threat.

“Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services,” he said.

Additional reporting by Spencer Ackerman