
Is someone really trying to find out if they can destroy the Internet?

By David Glance

Published 25 October 2016

A prolonged Internet outage prevented access to major sites like Twitter, Netflix, Spotify, and the New York Times on Friday. Because of the increase in number and intensity of DDoS-type attacks in recent years, security analysts have theorized that some of the attacks are masking the probing of vulnerabilities. The Internet remains incredibly vulnerable to attacks on its infrastructure and right now, there are few ways of avoiding them. It does bring into question the ability of governments to put even more of their interface with the public online, since as soon as they do, it becomes a potential target for malicious actors. Governments in particular need to become more adept at dealing with this possibility.

A prolonged Internet outage prevented access to major sites like Twitter, Netflix, Spotify, and the New York Times on Friday. The attack has commentators concerned that this was a practice run for the future, promising more frequent and widespread disruption of the Internet. The distributed denial of service (DDoS) attack targeted the dynamic domain name service provider Dyn and came in three waves during the day.

Dyn provides Internet address translation through DNS servers to take a name like www.nytimes.com and translate it into an address like 170.149.159.130. Denial of service attacks use a variety of techniques to keep the DNS servers busy. The attacks work by flooding DNS servers with millions of requests that seem legitimate but are for fake addresses, causing the DNS server to get overloaded. Real DNS requests from real users can’t get through, and so it appears that the site they are trying to get to, like www.netflix.com, is down.

DNS attacks operate in a number of different ways but those that affected the Dyn servers were using a range of techniques that included sending requests for sites that had random characters attached to the start of a valid domain e.g. abcd123.nytimes.com. Because these addresses are essentially valid, the DNS server tries to look up the address but gets tied up because of the sheer volume of requests. The attacks are difficult to guard against because the requests are essentially valid.
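As an added example (not part of the original article), the following Python code shows how a resolver operator might spot the random-prefix pattern described above in query logs: a zone that suddenly receives many queries for names that are never repeated and do not exist. The `client qname rcode` log format, the thresholds, and the function names are assumptions, and the sample log is constructed.

```python
import hashlib
from collections import defaultdict

def constructed_log(attack=40):
    """Constructed sample resolver log, one 'client qname rcode' entry per line."""
    lines = ["10.0.0.5 www.nytimes.com NOERROR"] * 4
    lines += ["10.0.0.6 mobile.nytimes.com NOERROR"] * 2
    lines += ["10.0.0.7 www.netflix.com NOERROR"] * 5
    lines += ["10.0.0.8 api.netflix.com NOERROR"] * 3
    for i in range(attack):  # random-looking prefix on a valid domain
        label = hashlib.sha256(str(i).encode()).hexdigest()[:6] + f"{i:02d}"
        lines.append(f"198.51.100.{i} {label}.nytimes.com NXDOMAIN")
    return lines

def zone_of(qname):
    # Assumption: zone = last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def score_zones(lines):
    """Per zone: query volume, share of names seen exactly once, share of NXDOMAIN."""
    names = defaultdict(lambda: defaultdict(int))  # zone -> qname -> count
    nxdomain = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed entries
        _client, qname, rcode = parts
        zone = zone_of(qname)
        names[zone][qname.lower().rstrip(".")] += 1
        nxdomain[zone] += rcode == "NXDOMAIN"
    report = {}
    for zone, counts in names.items():
        total = sum(counts.values())
        one_off = sum(1 for c in counts.values() if c == 1)
        report[zone] = {"total": total, "one_off_ratio": one_off / total,
                        "nxdomain_ratio": nxdomain[zone] / total}
    return report

def flag_floods(lines, min_total=20, min_one_off=0.6, min_nxdomain=0.6):
    """Zones with many queries that are mostly never-repeated, nonexistent names."""
    return sorted(zone for zone, s in score_zones(lines).items()
                  if s["total"] >= min_total and s["one_off_ratio"] >= min_one_off
                  and s["nxdomain_ratio"] >= min_nxdomain)

if __name__ == "__main__":
    print(flag_floods(constructed_log()))
```

The thresholds are illustrative and would need tuning against a zone's normal traffic, since content delivery and telemetry services can legitimately generate many one-off names.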

The sheer volume of requests was being sent in part by the Mirai botnet of Internet of Things devices, mostly Internet-connected cameras and digital video recorders. This botnet was used in a previous attack this month on the website of security reporter Brian Krebs.

These types of attacks have been occurring more frequently and, because they involve pieces of Internet infrastructure, have a more widespread impact. Last month, security analyst Bruce Schneier wrote that he believed that state actors were increasingly probing for weaknesses in the basic infrastructure of the Internet in order to be able to mount large-scale devastating attacks. Because of the increase in number and intensity of DDoS-type attacks in recent years, security analysts have theorized that some of the attacks are masking the probing of vulnerabilities.