Dynamic Network Services Inc, which manages Internet traffic, said at about 11am GMT that its infrastructure had been hit.
A DNS service (Domain Name System) Dyn was used by these websites and it was the target of the attack as it will direct the users to where the website is stored. “Typically DDoS attacks are targeted at individual sites”.
Krebs, whose website was targeted by a similar attack in September, said the XiongMai devices are “essentially unfixable” and will remain a danger to others unless they are totally removed from the internet.
The method appears to have been a Distributed Denial of Service attack.
Dyn, which is based in Manchester, New Hampshire, said that by 9:30 a.m., the first assault was stopped, but at 11:52 a.m., its servers were again attacked, and then under a traffic deluge again at 5 p.m.
On a call with reporters Friday afternoon, the company said they were still responding to the attacks. The FBI and US Department of Homeland Security are reportedly investigating these attacks.
Even though many security analysts have said concerns about attacks knocking out entire swathes of the internet are overblown, this week’s attacks show there are still plenty of opportunities to create considerable disruption.
The incident took offline some of the most popular sites on the web, including Netflix, Twitter, Spotify, Reddit, CNN, PayPal, Pinterest and Fox News, as well as newspapers including the Guardian, the New York Times and the Wall Street Journal.
“We have been aggressively mitigating the DDoS attack against our infrastructure”. IoT devices also have the disadvantage of not being able to run standard cyber security software.
Thus far, officials still have not determined exactly who was behind the attacks, with Dyn’s chief strategy officer, Kyle York, telling Reuters, “The complexity of the attacks is what’s making it very challenging for us”.
A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources, and the company said the attack is “mainly impacting US East”.
External peripherals were used as weapons in hacking by the cyber attackers.
The attacks were carried out partly through the “internet of things” – physical devices like printers and appliances connected to the internet. It apologised to customers for the inconvenience and said that its networks had not been hacked. Twitter has confirmed the news.
But this issue has been resolved and the service was now operating normally, it noted.