Widespread internet outages that took Netflix, Twitter, Spotify and others offline today are being investigated as a possible cyber-attack, US officials have confirmed. The incident, which seemingly began around 6am central time, has seen major websites suffer periods of downtime or become inaccessible altogether. Now, efforts are underway to determine whether it was no accident but in fact a concerted effort to disrupt the internet.
The assumption so far has been that at least one of the major infrastructure nodes, namely Dyn, has been targeted. The company confirmed this morning that an attack was underway, telling users that it was “monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure.” In the process, sites like Reddit, PayPal, and GitHub have been affected.
Although one issue was supposedly resolved several hours later, it was followed by a second disruption. That is still ongoing, affecting sites across the US. Dyn is responsible, among other things, for handling DNS, which routes traffic across the internet.
Now, according to officials speaking to Reuters, the whole incident is being treated as potentially suspicious. The US Department of Homeland Security and the Federal Bureau of Investigation are apparently both investigating, though no official indication has been given as to potential actors. Neither organization has made a statement on the investigation yet.
It comes, however, on the heels of widespread warnings regarding the US’ susceptibility to cyber-attack. Last week, for instance, the Department of Homeland Security pointed out the potential for nefarious uses should connected Internet of Things (IoT) devices be co-opted. Lax security, it pointed out, could allow millions of web-enabled gadgets to be used to force servers offline with distributed denial of service (DDoS) attacks.
The organization also warned of the potential human role in lax security. Phishing emails, for instance, which masquerade as one thing but allow hackers to access accounts or infect computers, have been blamed for the recent theft of messages from Hillary Clinton campaign chairman John Podesta. Like others, Podesta is believed to have clicked on a rogue link in an email.
At time of publication, Dyn still reports ongoing problems as a consequence of the DDoS attack. Services like Twitter and Spotify remain offline or only sporadically available, depending on location.
Security researcher Brian Krebs, meanwhile, has drawn connections between today’s attack and a recent talk given by one of Dyn’s own staff. Doug Madory, a researcher at the firm, gave a presentation at a meeting of the North American Network Operators Group (NANOG) about DDoS mitigation, among other things. Krebs, too, lays much of the blame for the botnet at the feet of poorly secured IoT devices, pointing out that a huge, 620 Gbps DDoS attack on his own site last month relied on an IoT-corrupting tool dubbed “Mirai” that had been released by a hacker.