Refreshing your browser made that huge DDoS attack seem much worse
While much of the internet was frantically trying to refresh their browsers on Friday, the folks at Dyn were facing a huge digital assault that appeared to be coming from just about everywhere.
Their servers were swamped and, because Dyn provides domain name services to many of the most popular sites on the internet, that's all the online community was talking about.
SEE ALSO:How an attack on a company you've never heard of crushed the internetThe attack -- known as a distributed denial of service (DDoS) -- was indeed bad. DDoS attacks are defined by a flood of "junk data" that clogs a specific site so legitimate users can't get through.
DDoS attacks flood servers with "junk" traffic, preventing legitimate users from gaining access.Credit: Silas Stein/picture-alliance/dpa/AP ImagesSomeone -- Dyn won't comment on who, but more on that later -- had hacked a significant number of video cameras and digital video recorders hooked up to the internet, and hurled that junk data at Dyn.
The domino effect left websites such as Twitter, Spotify and others sluggish or unreachable to the average user, so users naturally refreshed their pages again and again.
That was all legitimate traffic, but according to a Wednesday post on Dyn's website, it was hard to distinguish legitimate from malicious traffic at the time. They thought they were defending themselves from something even greater, as many IP addresses generated 10 to 20 times their normal amount of traffic.
"When DNS traffic congestion occurs, legitimate retries can further contribute to traffic volume," Scott Hilton, the executive vice president of product at Dyn, wrote in Wednesday's post. "We saw both attack and legitimate traffic coming from millions of IPs across all geographies. It appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be."
Dyn is still looking into the roots of the attack.Credit: AP Photo/The Christian Science Monitor, Ann HermesDyn now estimates the attack came from around 100,000 "malicious endpoints," rather than millions as previously expected.
Though they're not saying who hacked the devices needed to mount the attack, Dyn and Flashpoint, a cybersecurity firm, have confirmed that the hackers used a malware known as Mirai to break into the cameras and DVRs.
Flashpoint hasn't confirmed a perpetrator either, but they have reason to believe the attack came from a hacker or group of hackers who just wanted to show off.
The cybersecurity firm found the attackers also hit a video game company while they were sending waves of junk data at Dyn, something that's not typical of a state actor or a group trying to steal money.
Instead, Flashpoint believes the hacker or the group is "likely connected to the English-language hacking forum community, specifically users and readers of the forum 'hackforums[.]net,'" a forum frequented by hackers who often launch similar types of attacks.
-
9 Planetariums to Get Lost in the CosmosThe 15 best tweets of the week, including soup, Bruce Springsteen, and tax fraudNorth Korean soldier used car to defect to South Korea: UN CommandWounded North Korean soldier defects through DMZ [PHOTOS]Unionized hospital workers pull out from strike石棉枇杷成功入选2019年度中国果业最受欢迎的热带水果区域公用品牌10强New report shows mobile apps have room to improve on accessibilityThe biggest scams that rocked the crypto world in 2021South Korea beefs up drills amid escalating NK provocationsYoon, Biden set to hold first summit on N. Korea, economy
- ·Apple Watch bands: 5 favorites to consider as Apple Watch 10 looms
- ·Defected North Korean solider in stable condition, clearly conscious
- ·Here are the best gadgets of 2021
- ·N. Korea reports 167,650 new suspected COVID
- ·采购商+48,英德红茶在泉城济南蹭蹭涨粉
- ·Nadal unsure if he will be fit
- ·故意高空抛物 最严重者将以故意杀人罪论处
- ·'The thing that killed' Twitter meme argues everyday tasks are actually famously deadly
- ·We Asked GPT Some Tech Questions, Can You Tell Which Answers Are Human?
- ·城市公园冬意浓 市民争相来观景
- ·[KH Explains] Who’s winning where for June 1 elections?
- ·芦山县首届“农信杯”创业之星评选结果公示
- ·Klarna CEO reveals plan to reduce workforce by 50% and replace it with AI
- ·Apple's new Android app lets you check for AirTag stalkers without an iPhone
- ·MacBook Pro and Air with Apple's new chips are launching next week, report claims
- ·Alvarez, Golovkin vow to take decision out of judge's hands
- ·18 Places for Epic Outdoor Adventure Across Colorado
- ·How to avoid sex toy injuries
- ·Why China can't push North Korea harder
- ·Korea to build reciprocal supply chain for chips, batteries in Indo
- ·一针一线串起两代人的传承故事
- ·城市公园冬意浓 市民争相来观景
- ·Posting a photo to multiple Instagram accounts is easy
- ·A complete history of Keyboard Cat, the meme that won't be played off
- ·Best smart home deals this week
- ·How a North Korean soldier defected in hail of bullets [VIDEO]
- ·South Korea beefs up drills amid escalating NK provocations
- ·PM meets opposition leader, agrees to hold regular sessions with parliament
- ·何祖训:神农必须做高质量的农牧企业
- ·Republicans vote to subpoena Facebook, Twitter CEOs in the wake of Hunter Biden story
- ·North Korea says it conducted important test to develop multiple warhead missile
- ·PM meets opposition leader, agrees to hold regular sessions with parliament
- ·How to avoid sex toy injuries
- ·违规操作信用卡 当心被降额封卡
- ·NASA's new plan keeps Starliner astronauts in space until 2025
- ·Apple's 2022 lineup reportedly includes a rugged Watch and iPad with wireless charging