Your refrigerator might have helped bring down the internet last Friday.
As many users noticed, shortly before last weekend a massive cyber-attack disrupted service to major websites ranging from the New York Times to PayPal and many more. The attack took place in three stages, all targeted at the Domain Name Services (DNS) company Dyn, Inc.
Dyn’s business, domain name services, is often referred to as the roadmap of the internet. It’s what translates URLs like TheStreet.com into the 12-digit IP address at which websites reside. This isn’t because IP addresses are secret (at time of writing, for example, this website’s address was 107.23.89.155). They’re simply tough for human beings to remember.
When DNS servers go down, like they did on Friday, no websites actually go offline. Instead, they become a whole lot harder to find. It’s the difference between burning down a building and ripping up the map.
Friday’s attack was a DDoS, or “distributed denial of service” attack. It’s when hackers overwhelm a server with traffic beyond what it can handle. It’s a brute force method that takes a lot of processing power which hackers often get through zombie networks (innocent computers with a virus on them).
In this case, the attackers used a novel piece of malware called the Mirai botnet, which creates its zombies by grabbing devices from the Internet of Things. Instead of linking together a bunch of infected laptops, the hacker used webcams, thermostats, cell phones and anything else with the ability to get online to generate traffic.
