NPR logo

'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites

  • Download
  • <iframe src="https://www.npr.org/player/embed/498954197/498954198" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites

U.S.

'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites

'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites

  • Download
  • <iframe src="https://www.npr.org/player/embed/498954197/498954198" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

NPR's Scott Simon talk with NPR technology reporter Alina Selyukh about the internet outages that disrupted major U.S. websites on Friday.

SCOTT SIMON, HOST:

Disruptions rippled through the internet yesterday. Many people had trouble loading or properly using some of the most popular websites. NPR's tech blogger, Alina Selyukh, joins us. She's been following the story. She's in our studios.

Alina, thanks for being with us.

ALINA SELYUKH, BYLINE: Good morning.

SIMON: Catch us up on what's happened 'cause it's happened in literally waves.

SELYUKH: It did. There were several legs to this, and it all started about 24 hours ago, a little less than that. And we should say, to this point, we don't know who is behind this attack. But the company that was attacked is called Dyn. And you might have never heard of Dyn, but it is the kind of company...

SIMON: We sure have now.

SELYUKH: It now is in the news, and it is the kind of company that sits between you and a website that you're trying to access. When you type in a web address, it makes sure that you land exactly where you intended. And Dyn's clients are some of the most popular websites and services out there, and that's why when Dyn's servers were attacked - these attacks rolled through the entire day, lots of different locations - that's when you saw issues with Twitter, PayPal, Spotify, Netflix, even The New York Times and The Wall Street Journal.

SIMON: You say attack. I mean, we know it was an attack, not a disruption, not something else?

SELYUKH: Exactly. Dyn's servers were attacked in a major, complex hacking attack. And as a concept, the type of attack they experienced is really kind of familiar. It's called a distributed denial of service attack, and security experts see these kinds of attacks all the time. They happen when hackers take over, typically, a bunch of computers and infect them with malicious software and then use them to barrage a website or a web service with fake traffic until it caves under this overwhelming demand.

But this attack was different in two ways. First of all, this was a company that is not a website but a company that services a lot of websites. But also in this case, hackers didn't use computers. They had hijacked hundreds of thousands of internet-connected things.

SIMON: And a thing, in this context, is?

SELYUKH: It is anything that is connected to the web. Dyn says that attacks against their data centers originated from tens of millions IP addresses associated with various web-connected devices, so things like closed-circuit TV cameras, DVRs, routers. And that's pretty new kind of denial of service attack. We've all been buying these new things, connecting them to Wi-Fi. Internet wonks will call this the internet of things. And, you know, experts have been warning that these things are never secure. And, well, this is the most visible example so far of what happens when hackers hijack a tremendous number of them.

SIMON: Could this attack - could it have originated with a whole collection of gifted technologists or some guy sitting in his Jockey shorts in his studio apartment?

SELYUKH: Like I said, we don't know who was behind it. But it was a very complex staged attack that co-opted lots and lots of devices in people's homes. The specific complexity of this issue was that the devices were around the world. And Dyn says that the final incident was finally completed and resolved. As of last night, they had kicked the hackers out of all of their data servers. But of course, now there's this renewed urgency to talk about what happens when we connect all these things through the Wi-Fi without giving much thought to their security.

SIMON: And quickly, anything people can do to protect themselves?

SELYUKH: Super simple - and it's not going to surprise you - change your passwords. The malware that was linked to some of these attack devices had basically co-opted devices because they had really poor passwords on them.

SIMON: Alina Salyukh, thanks so much for being with us.

SELYUKH: Thank you.

Copyright © 2016 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

What Was Up With The Internet Today? Websites Lagged Or Didn't Load For Many

Dyn is a company that helps route Internet traffic and supports major websites and services. Dyn/Screenshot by NPR hide caption

toggle caption
Dyn/Screenshot by NPR

Dyn is a company that helps route Internet traffic and supports major websites and services.

Dyn/Screenshot by NPR

Updated at 7:30 p.m. ET

Hackers attacked a major Internet infrastructure company Friday, causing intermittent disruptions to websites and services including Twitter, Amazon, Spotify and Airbnb most of the day. It wasn't until shortly after 6 p.m. ET, that the company said that the "incident" had been resolved.

Friday's disruptions were the result of a massive DDoS, or "distributed denial of service," attack. That's when hackers overwhelm a website with fake traffic to cause breakdowns. Except in this case, it wasn't just one website. The victim of the attack is a company called Dyn (pronounced "dine").

Dyn is one of the companies that sit between you and some of the biggest websites and services — and help make sure that when you type in a Web address, your traffic is properly routed. That's why the ripples of the attack on Dyn spread across the Internet and affected the performance of many sites throughout the day.

The full day of attacks began around 7 a.m. ET. Dyn says the attacks came in three waves and rolled around the world: After Dyn cleared its East Coast data centers, the attackers moved their targets across the country and the world.

The most notable element of this attack is its origin. Typically, DDoS attacks are done through a ton of computers that hackers hijack and use to barrage websites. But this time, Dyn officials say it wasn't computers — it was "tens of millions" of Internet-connected things, like CCTV cameras, DVRs and routers.

"We see dozens of attacks over the period of weeks and months. ... We're always seeing DDoS attacks," says Dyn Chief Strategy Officer Kyle York. But the use of Internet-enabled devices results in a whole new scale of an attack.

"It's just so darn distributed," York told reporters. "Literally, picture tens of millions of things attacking a data center. No matter the size and scale of the independent things, tens of millions of anything make up something large. And that's the complexity of this."

As The Washington Post explains, Dyn is one of just a few companies in its industry:

"The service that Dyn provides is called the Domain Name System, or DNS. It works sort of like a phone book for the Internet — translating URLs into the numerical IP addresses for the servers that actually host sites so your browser can connect to them. ...

"Dyn is one of a handful of major DNS service providers. Friday's attacks highlight how that structure can mean an attack on one company can disrupt huge chunks of the Internet all at once."

The attack on Dyn targeted DNS servers, which as Bloomberg aptly puts it "is like taking away all the road signs on a country's highway system." The White House says the Department of Homeland Security is monitoring the attack — and Dyn says it has received support from the entire industry, including not only its own clients, but even competitors.

Dyn General Counsel Dave Allen says some of the devices used in the attack were infected by malicious code known as the Mirai botnet. Here's how computer-security journalist Brian Krebs explains its impact on the universe of Wi-Fi-connected devices, known as the Internet of things, or IoT:

"Mirai scours the Web for so-called IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users."

Krebs says Mirai is the same malware strain used in another large attack, on his own site, in September — and the hacker who created it has now published its code on the Internet, "effectively letting anyone build their own attack army using Mirai," Krebs writes.

The attack on Dyn comes a day after the company's director of Internet analysis, Doug Madory, gave a presentation about DDoS attacks at an industry conference. Krebs says he and Madory had teamed up on research into "the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen."