The Dyn DDoS: attacking the Internet’s global address system
By Tanzeer Hossein
On October 21, 2016, one of the most significant Distributed Denial of Service (DDoS) attacks occurred. The target was a DNS (Domain Name System) service provider called Dyn. The attack severely disrupted several internet services across the US and even some parts of Europe, causing outages for popular websites such as Twitter, Netflix, and even CNN. This incident marked a pivotal moment in cybersecurity, showing how vulnerable certain critical internet infrastructure is to large-scale attacks.
A DDoS attack overwhelms a server or network with very large numbers of messages, making it unable to handle legitimate traffic. In this case, the attackers used a Mirai botnet: a set of devices, all running the Linux operating system, that have been infected with the Mirai malware. These devices are typically items such as webcams, routers, and even printers. At the time, such devices often had weak passwords or poor security protocols, allowing attackers to easily take control of them. Once infected, the compromised devices are controlled by one or more command and control servers, which direct them to send messages to the target system, in this case Dyn’s DNS servers.
The attack was felt most heavily in the United States, particularly on the East Coast, with some impacts in parts of Europe. It made it impossible for web browsers, email software or other internet-based services in these regions to find the addresses of the servers with which they needed to communicate. Popular platforms like Twitter, Netflix, and Reddit were inaccessible for hours, affecting millions of users and disrupting business operations and social media interactions. The widespread nature of the outage demonstrated how reliant global internet services had become on a few key infrastructure providers like Dyn.
The Mirai malware, which was used to create this botnet, was initially developed by a group of hackers for the purpose of disrupting gaming servers. They targeted IoT devices to be their bots because of their widespread adoption and poor security. Once they had compromised enough devices, they could unleash a DDoS attack of unprecedented scale. The Mirai malware was later made public, allowing other cybercriminals to adapt and use it for their own purposes.
The attack on Dyn served as a prominent wake-up call for governments and the tech industry. It highlighted the serious vulnerability of IoT devices, along with the damage they could cause if not properly secured, for example when left with poor security protocols. It also drew a lot of attention to the critical role DNS providers play in maintaining the stability of global communications, since the attack showed that an effective DDoS attack on such services has a massive ripple effect across the entire web. The attack also underscored the growing threat posed by DDoS attacks, which have become more frequent and powerful due to the availability of botnets like Mirai.
In the aftermath of the attack, tech companies and governments worked to implement stronger security measures for IoT devices and sought to make DNS infrastructure more resilient. Alongside companies, consumers were encouraged to take cybersecurity more seriously by changing default passwords and actively managing the security of their devices. DDoS mitigation services saw a massive increase in demand after the attack because businesses realized the significance of protecting their networks from DDoS and any other potential attack that might destabilize them.