Friday, October 21, 2016

Major DDoS attack against DynDNS leads to outages for many US users; many telecommunications companies had a workaround


A major DDoS attack against a company(s) “DynDNS” (or maybe Dynatrace -- I've seen both companies named, not sure if this is different) that provides DNS routing disrupted Internet connections for many Internet users in the US, especially the Northeast, early Friday. Curiously, the company(s) does (do) not seem to have a press release for the incident yet.

Major platforms such as Twitter, Reddit, and Amazon were affected for some users. But I experienced no issues starting at 9:30 AM EDT today and watched a movie on Amazon Prime. I first found out about the outage from Facebook user “Survival Mom”. I did experience a 5-minute DNS holdup on my Bluehost WordPress domains this evening that could conceivably be related, but the outage was very short.


There have been at least three attacks today that Dyn and some other companies (like Amazon especially) have spent the day repelling.

Some users did not experience difficulties because their telecommunications providers (Xfinity and Verizon in my case – I tried both) use other services, or because their own computers cache the DNS information (which I believe Windows 10 and later Mac OS versions do).

The DDoS came from botnets of “Internet of Things” devices infected with malware called Mirai. Well-secured PCs (Windows, Macs) with modern anti-virus protection would not have been vulnerable to becoming compromised. But separate webcams and digital recorders (which I have but which haven't been connected recently) could have been infected.

Wired has one of the best stories, by Lily Hay Newman, "What We Know".
  
There are some claims on Twitter that WikiLeaks engineered the attack in conjunction with the treatment of Julian Assange. But it sounds plausible that it came from Russia or North Korea.

Update:  Oct. 25

Dyn has a statement on the attack here
