On Friday, October 21, a massive cyberattack against areas of the United States began around 7 a.m. EST, initially affecting the northeast and other areas along the eastern coast. The attack was primarily aimed at Dyn, an internet infrastructure company headquartered in New Hampshire. The first attack was resolved in two hours.
However, a second attack began just before noon EST and was not resolved until around 6 p.m. EST. These attacks severely disrupted the availability of popular websites across the entire United States including Amazon, Netflix, Reddit, GitHub, Etsy, Spotify, Comcast, PayPal, Pinterest, Tumblr, CNBC.com and others.
Service has been restored, but the Department of Homeland Security is now working to identify those behind the attack. The FBI is also involved. All we know so far is that North Korea has been ruled out as a suspect. There is also speculation that the Russians may be behind this attack, but this is primarily due to the recent hack on the servers of the Democratic National Committee earlier this year.
Understanding this attack
Here's what's scary: These outages were the result of a Distributed Denial of Service (DDoS) attack on the domain host company Dyn, which is part of the backbone of the internet. It works essentially as a middleman, directing requests to the right domains.
Domain Name Servers (DNS), basically work as the internet's phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses so computers can direct users to the site they type in the address bar. When you type komando.com into your browser, for example, domain host companies such as Dyn help to direct you there.
DDoS attacks occur when servers are overwhelmed with more traffic than they can handle. These types of attacks are performed with something called a botnet.
A botnet is a group of gadgets that hackers have taken over without the owners' knowledge. The hackers seize control of unwitting gadgets with a virus or malware, and then use the network of infected computers to perform large-scale hacks or scams.
Kyle York, Dyn's chief strategy officer described Friday's attacks as "very smart" during interviews with the press. "We start to mitigate, [the hackers] react," he explained. "It keeps happening every time. We're learning, though."
In this case, the hackers are said to have used a program called Mirai to launch the attack. Mirai infects smart devices such as DVRs, routers, webcams and other web-connected gadgets with malware. This malware is installed through the use of phishing emails that first infect an individual computer, then spread rapidly throughout the home network.
How does this attack impact you?
Some of the most immediate effects of these attacks were slower than usual internet speeds, technical issues and interruption of service. But the impact stretches far beyond lags and bugs.
As we warned you previously, botnets can consist of a collection of smart appliances found in people's homes. With so many smart appliances, cars and gadgets in the world, it's possible we could see more attacks on DNS providers. Hackers could cause major disturbances since DNS providers are in charge of forwarding extensive volumes of internet traffic.
Hopefully, we've all learned from this. Hopefully, we're all setting aside some time this weekend to ensure that our personal home networks are secure. It starts by securing your router. If you're not sure where to start, click here for one thing your router needs to keep hackers out, and here for an easy way to find and change your router's password.
There are also several routers that are now out of date, or plagued with security problems. Is your router one of them? Click here to see the full list, and find out.
Beyond that, you need to be smart with your web-connected devices. The steps it takes to secure these devices varies from product to product, so it's a good idea to each out to each of the manufacturers - but, here's a general place to get started.
The last thing - and say this a lot, but that's because it's important - is to be careful of what you click on. Phishing emails played a major role in this cyberattack, infecting millions of devices with malware and turning them into weapons.
The truth is, this could happen to you. Be proactive by installing a strong anti-virus software on your devices, and take this quiz to see if you can spot the signs of a fake email.