October 21, 2016 Last Updated 4:11 pm

Aggressive DDoS attack knocked out Twitter, other web services in several US regions

Update (4:45 ET): Following a third wave of attacks, it looks like Dyn has solved its problems, with websites, including Twitter, back online. Below is the original story, updated as the DDoS attack was still in progress.

If you subscribe to TNM’s RSS feed, this may be the best way to learn that Dyn Inc. servers are under a denial-of-service attack. The attack was seen this morning mostly on the East Coast, knocking out a wide range of websites, but is now spreading.

The White House press secretary said today that the Department of Homeland Security is investigating the attacks.

Dyn is one of a handful of major DNS service providers, and several news sources are speculating that it was targeted because the company provided assistance to journalist Brian Krebs earlier this year when he was investigating similar DDoS attacks.

“We were concerned about some blowback from the stuff about Krebs, but we made a decision that it was important work, and we wanted to be part of the solution for everybody’s sake,” Dyn’s director of internet analysis, Doug Madory, told The Washington Post (which remains online, one should add).

This attack may be the most serious in the history of the Internet, and may be just the beginning. The Obama administration recently hinted that retaliation for the DNC email server hacks was being considered, and since the nomination of Donald Trump, numerous websites, including this one, have reported DDoS attacks.

Just today, The Hill reported on comments by former NSA chief Michael Hayden, who said that he considered the email hacks “honorable espionage,” though he felt Russian attempts to undermine democracy were going too far. In essence, Hayden admitted that the US was engaging in similar hacking.

Ironically, The Hill website is right now inaccessible due to the DDoS attacks.

Other media websites, even those still up, such as the NYT, are being slowed (and I believe the NYT is delivering a cached web page).

TNM’s sister website, PoliMedia.press, has been knocked offline completely due to the Dyn server attack.

Last month Bruce Schneier explained what he was beginning to see, describing the new cyber attacks as “someone is learning how to take down the Internet.”

“The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack,” Schneier wrote. “The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.”

“I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there’s a global blackout of all websites and e-mail addresses in the most common top-level domains.”
