DDoS Attacks on DYN Take Down Tech Giants: Github, Twitter, Netflix, and More

By Joseph Lorenz on October 28, 2016

Source: John McAfee: North Korea behind Dyn DDoS assault, larger attacks on the way; Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others (TechSpot, Threatpost)

On Friday, October 21, 2016, two massive Distributed Denial of Service (DDoS) attacks targeted the DNS provider Dyn. The attacks on Dyn's servers impacted many of the company’s customers, including Twitter, Spotify, Github, Netflix, and many more. Dyn was unable to say how many sites had been affected, though many customers of these popular sites felt the effects through site outages or extremely sluggish performance. Both the Department of Homeland Security (DHS) and the FBI announced that they were monitoring the attacks as they were happening. Dale Drew, chief security officer for telecommunications firm Level 3 Communications, said that, based on their analysis, the likely source of the attack is overseas hackers targeting U.S. cyber infrastructure. Drew also mentioned that the attack came from an Internet of Things (IoT) botnet that uses the Mirai malware.

Craig Young, principal researcher at Tripwire, stated that the attack has strong indicators of being an IoT-based DDoS attack, very similar to the one used against Krebs on Security in September. Dyn offers DNS services, which act like an address book for the internet. Users type in web addresses (e.g. https://www.google.com), and DNS resolves these addresses to the IP addresses needed to find and connect to the correct servers so that browsers can deliver the requested content. A DDoS attack overwhelms the DNS server with lookup requests, which in turn renders it incapable of processing any request. Attacking DNS registrars is much more effective for hackers, as they typically provide DNS services to thousands or tens of thousands of domain names, allowing the attackers to affect a larger audience at once.

The first attacks mostly affected the Eastern seaboard of the United States, while later attacks affected the opposite end of the country. A senior US intelligence official told CNBC that the attacks did not seem to be state-sponsored and were merely an act of internet vandalism. McAfee’s sources disagree, saying that “the Dark Web is rife with speculation that North Korea is responsible for the Dyn hack,” and McAfee specifically claims that Bureau 21, the North Korean cyber-warfare agency, launched the assaults. McAfee also mentioned that even if Bureau 21 was responsible for the attacks, the forensic analysis would point to either China, Russia, or a U.S. group. As large as these attacks were, McAfee believes this was simply the first probe ahead of a much larger attack: merely a test of the Internet's infrastructure.