How Friday's cyberattack shut down Netflix, Twitter, and Spotify

Behind the attack was the Mirai botnet, which bombarded Dyn DNS company's servers with millions of requests, preventing access to many major sites.

This photo shows Dyn, a New Hampshire internet service company, in the old mill section of the city, Friday Oct. 21, 2016 in Manchester, N.H. Cyberattacks on a key internet firm repeatedly disrupted the availability of popular websites across the United States Friday, according to analysts and company officials. The White House described the disruption as malicious.

Jim Cole/AP

October 23, 2016

On Friday morning, internet users all over the United States attempted to log in to Twitter and Netflix, only to find that a massive cyberattack rendered them unable to connect to some of the world's most popular websites. Although the issue was fixed, the sites went down again later in the day, victim to another attack. After a third hit, the problem was finally brought under control.

While the identity of the attackers is still unknown, experts have figured out how the attack was carried out. Taking advantage of a botnet of internet-enabled devices, possibly with publicly available source code, hackers were able to clog up traffic to major websites, effectively shutting out human users with an army of automated bots. The scale and success of the attack are causing many companies and organizations to reevaluate their approach to protecting websites and consumers from this kind of vulnerability in the future.

The sites that went down, which included CNN and The New York Times, were all customers of Dyn DNS Company, a company that specializes in online infrastructure. One of the company's main functions is to translate human-readable inputs into IP addresses, which can then be used to route online traffic in an efficient manner. But this function was disrupted on Friday when hackers launched a distributed denial of service (DDoS) attack on DNS servers. As The Christian Science Monitor's Story Hinckley explained:

If it weren’t for DNS, internet users would have to know the IP address for a site (such as 216.168.224.70) instead of the simple domain name (such as csmonitor.com). 

And a DDoS attack effectively breaks down a server’s searching capabilities by overloading a system with server requests. 

In order to overload these servers, hackers turned to a malware program known as Mirai. The program takes over network-enabled items such as CCTV cameras, DVRs, and even innocuous household items, networking them together into a botnet to launch a barrage of requests at a target. While computers and phones have more sophisticated security equipment to resist this sort of takeover, many Internet of Things (IoT) devices do not have these protections, and can be easily taken over by hackers.

"IoT security has been horribly flawed ever since it first became a thing, largely because of the pace that new products have to go to market, and the fact that designing security is seen by vendors as 'slowing things down,'" Casey Ellis, CEO of Bugcrowd, a San Francisco-based computer security service, told the Lansing State Journal.

With anything from TVs to refrigerators to toasters being created with the capability to connect to a network, these low-security IP addresses have become a tempting target for cybercriminals. Any device with an internet connection has an IP address that can be used by Mirai. 

"It is just a matter of time until attackers find a way to profit from attacking IoT devices," warned a 2015 report from Symantec, a technology company specializing in security. "This may lead to connected toasters that mine cryptocurrencies or smart TVs that are held ransom by malware. Unfortunately, the current state of IoT security does not make it difficult for attackers to compromise these devices once they see the benefit of doing so."

If an attack like this through IoT devices was inevitable, it was made imminent when a hacker known as Anna_Senpai released Mirai's source code to the public earlier this month, according to Fast Company. Anna_Senpai, the likely creator of the program, likely released the code in order to avoid being the only one found with the code if law enforcement comes calling. This is a common tactic for hackers who suspect they might be close to being found out, according to Krebs on Security. In this case, it also makes it difficult to determine whether the Friday attack was orchestrated by the person or persons behind Anna_Senpai, or by others who were able to copy the Mirai source code.

The attack comes amid President Obama's accusations that Russian hacking has taken place in an attempt to influence the outcome of the upcoming US presidential election. With increasingly sophisticated and consequential cyberattacks on the rise in an online world, commitment to cybersecurity is swiftly moving to the forefront of both federal and private concerns.

"We're proud of the way the Dyn team and the internet community of which we're a part came together to meet yesterday's challenge," reads a statement from the company on Saturday. "Dyn is collaborating with the law enforcement community, other service providers, and members of the internet community who have helped and offered to help. The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise."