Takeaways From The Day Dyn Was Attacked And We Couldn't Tweet Last October, a cyber attack made it hard for people to access Twitter, Netflix, Spotify and other popular sites. Here's what we learned from that massive "distributed denial of service," attack.
NPR logo

Takeaways From The Day Dyn Was Attacked And We Couldn't Tweet

  • Download
  • <iframe src="https://www.npr.org/player/embed/510128857/510128858" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Takeaways From The Day Dyn Was Attacked And We Couldn't Tweet

Takeaways From The Day Dyn Was Attacked And We Couldn't Tweet

Takeaways From The Day Dyn Was Attacked And We Couldn't Tweet

  • Download
  • <iframe src="https://www.npr.org/player/embed/510128857/510128858" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Last October, a cyber attack made it hard for people to access Twitter, Netflix, Spotify and other popular sites. Here's what we learned from that massive "distributed denial of service," attack.

KELLY MCEVERS, HOST:

October 21, 2016 - it started like a regular day for Kyle York.

KYLE YORK: I can remember driving into our headquarters in Manchester, N.H. and, actually, our largest customer in the world called saying they were experiencing some issues with their application.

MCEVERS: York is used to fielding calls about clients' internet problems. He's the chief strategy officer at Dyn. It is an internet performance company. Basically, it makes sure that when you type in one of its clients' web addresses, that company's site pops up on your screen. Once York got to work that day, he learned many websites were having the same problem.

Soon, it was all over the news.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED MAN #1: A series of cyberattacks today against the internet.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED MAN #2: U.S. interest in cyberspace is monitoring the situation.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED MAN #3: Websites from Twitter to Netflix slowed to a crawl or even stopped.

MCEVERS: Those attacks were aimed at Dyn's servers.

YORK: What happened was that the company was basically under siege. Internet of things devices were being taken over in people's homes and pointing a lot of traffic at our infrastructure specifically, which, again, is infrastructure running services for, you know, many major enterprise brands online.

MCEVERS: The hackers had turned millions of web-connected thermostats, cameras, DVRs and other smart devices into attack weapons all pointed at Dyn. It took the company nearly all day to get things under control.

YORK: You know, we see these events every single day. It just so happened that that one was, you know, complex and unprecedented and moving around the world and, you know, it was basically bringing our infrastructure under attack. And in turn, customers that rely on that infrastructure to serve websites and web applications were having performance issues on a global level.

MCEVERS: Do you think people in this country are sufficiently aware that these devices, these internet connected things are vulnerable?

YORK: No, absolutely not.

MCEVERS: No?

(LAUGHTER)

YORK: No, I mean - and you and I are on the internet every day, right? I mean, think about the amount of things in your home that are connected to the internet, you know, the phone in your pocket. I just think that, you know, we as the average consumer - and I'm one of them, I think I just know a little bit more about tech - we sort of take the internet for granted and the fact that we're always interconnected.

I think in this attack, one of the major issues was the vulnerable devices were being hacked because many of them were using admin for username and admin for password out of the box from the manufacturer. So it was pretty easy to hijack them and take them over. So I think making sure you always update your passwords and be vigilant on not using the same password across every single internet property you engage with is just critical.

And then lastly, make sure you update the software on those devices, you know, and pressure your manufacturers to be taking security very seriously because the internet of things, as a commercial market, sort of ran ahead of internet standards and policy and governance.

MCEVERS: Kyle York says he still doesn't know who launched this attack against Dyn. He thinks that's pretty irrelevant anyway. More concerning to him, he says, is that these sorts of attacks are happening more and more every day as web-connected cars and other devices become part of our daily lives.

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.