What the hell is Dyn?
On Friday, the internet wasn’t quite silenced, but it was certainly muffled. A cyberattack aimed at knocking many of the world’s major websites offline made targets as varied as Twitter, Airbnb, Etsy, and The New York Times inaccessible to a large swath of internet users on the United States’ East Coast for multiple hours. In all, at least three separate attacks were levied against Dyn, an internet infrastructure company that is part of the invisible network glue that keeps the online world humming. If you are a cybersecurity expert, you may be asking the question, “Does this attack portend a future where any nation-state, activist group, or teenage troll with a modem can leverage vulnerable technology to limit access to digital information?” If you’re not a cybersecurity expert, you may have more basic questions like … “What the hell even happened Friday and what the hell is Dyn?”
There’s no such thing as a stupid question (Yahoo Answers questions excluded). So to sum things up very, very quickly: Dyn is a company that translates URLs from things humans understand (taco.com) into things computers understand (taco.com’s IP address, which is 188.8.131.52). A bad actor used thousands of vulnerable internet-connected gadgets like video cameras to overload Dyn with traffic, so the company was unable to match URLs to their corresponding IP addresses. Many different websites use Dyn, which is why the effect of the attack was so widespread. The compromised gadgets used in the attack likely had super-obvious default passwords that made them easy to corral into a zombie army, which is an actual cybersecurity term. Because neither consumers nor companies actually care that much about cybersecurity, gadgets vulnerable to hacking will likely continue to proliferate, making such an attack likely again in the future. Everything was amazing, but no one was happy, so now we don’t even get the amazing part anymore.
Want to know more? Check out this additional reading (and watching) on how last week’s internet attack was executed, what it means for the future, and if there’s anything you can do to prevent the next attack.
If your knowledge of internet acronyms doesn’t extend beyond LMAO: Start with this mini-glossary over at Time.com that explains much of the jargon being used to describe Friday’s attack, including distributed denial of service (DDoS) and Domain Name System (DNS).
If you want to know more about big DDoS attacks: Wired has a timeline of previous denial-of-service attacks launched by hacktivists, political operatives, and, of course, pissed-off gamers.
If you want to know what nefarious software was used to orchestrate the attack: Read Ars Technica’s backgrounder on Mirai, the malware that is thought to have been used in Friday’s attack and is specifically geared toward taking over Internet of Things devices. The source code for Mirai was recently released to the public, so anyone can now hijack an army of inanimate objects to do their digital bidding.
If you want to know what nefarious hardware might have been used to orchestrate the attack: Cybersecurity journalist Brian Krebs’s own site was taken down by a DDoS attack last month. He was able to compile a list of the devices that were likely to have been used in the attack on his site and that would still have been vulnerable to hacking in Friday’s attack.
If you’d like someone to explain how the internet works in a style similar to Sesame Street, not because you don’t get it, but just because, you know, you want to be able to explain this stuff to other, dumber people in the simplest terms possible: Check out this Code.org video about IP addresses and the Domain Name System. It’s even narrated by Vint Cerf, a former DARPA manager who’s known as one of the fathers of the internet.
If you are ready to don the cape of cybersecurity justice: Mashable has some tips on how to ensure your internet-connected devices aren’t helping to create a Black Mirror–style digital dystopia (hint: change the password).
If you want to expand your cybercrime knowledge: Follow Brian Krebs on Twitter @BrianKrebs, where he often posts links to both his detailed blog posts and quality cybersecurity reporting from other outlets.