Today’s nationwide internet outage was enabled by a Mirai botnet that hacked into connected home devices, according to security intelligence company Flashpoint. The distributed denial of service attack targeted Dyn, a large domain name system (DNS) provider, and took down Twitter, Spotify, Reddit, The New York Times, Pinterest, PayPal and other major websites.
“Flashpoint has observed Mirai attack commands issued against Dyn infrastructure,” Flashpoint writes. “Analysts are still investigating the potential impact of this activity and it is not yet clear if other botnets are involved.”
Mirai is not a new hacking tool. A massive Mirai attack took down the site of popular security researcher Brian Krebs in late September, peaking at a nearly unprecedented 620 Gbps. Mirai takes advantage of weak security protocols on IoT devices — in the Krebs case, 145,000 devices were infiltrated, including security cameras and DVRs in homes and offices around the world.
The author of the Mirai malware made its code open-source, and security experts have been warning of a possible large-scale attack since this information came to light.
For its part, Dyn is attempting to stem Friday’s attack on its servers. At 3:30PM ET, the company announced the attack had entered its third wave.
“We are actively in the third flank of this attack,” Chief Strategy Officer Kyle Owen said, according to TechCrunch. “It’s a very smart attack. As we mitigate, they react.”
To anyone who is still able to read this story: Congrats. Also, we’re doomed.
Internet users around the world, but mostly in the US, reported that some top websites were not loading on Friday morning.
The affected sites include Amazon, Twitter, Netflix, Etsy, GitHub, and Spotify.
The issue is currently ongoing.
It was mostly resolved at 9:20 a.m. ET, but at 12:07 p.m. ET, the issue started to crop up again, according to one of the companies at the center of the apparent cyber attack.
At 4:16 p.m. ET, Dyn said that it was facing a third wave of attacks, CNBC reported.
The issue appears to have something to do with DNS hosts — in particular, Dyn, one of the biggest DNS companies.
Domain Name Servers are a core part of the internet’s backbone. They translate what you type into your browser —, for example — into IP addresses that computers can understand.
Dyn said on Friday that it was suffering a DDoS attack, or a distributed denial of service. That basically means hackers are overwhelming Dyn’s servers with useless data and repeated load requests, preventing useful data — the Twitter IP address, for example — from getting through.
The second round of attacks seems to affect the West Coast of the US and Europe as well.
Here’s how the day has unfolded, according to Dyn, the company being attacked.
7:10 a.m. ET:
“Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.”
8:45 a.m. ET:
“This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.”
9:36 a.m. ET:
“Services have been restored to normal as of 13:20 UTC.”
As of 12:06 p.m. ET, the attack had returned:
“As of 15:52 UTC, we have begun monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Our Engineers are continuing to work on mitigating this issue.”
12:48 p.m. ET:
“This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring. Our Engineers are continuing to work on mitigating this issue.”
1:53 p.m. ET:
“Our engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.”
2:23 p.m. ET:
“Dyn Managed DNS advanced service monitoring is currently experiencing issues. Customers may notice incorrect probe alerts on their advanced DNS services. Our engineers continue to monitor and investigate the issue.”
2:52 p.m. ET:
“At this time, the advanced service monitoring issue has been resolved. Our engineers are still investigating and mitigating the attacks on our infrastructure.”
3:44 p.m. ET:
“Our engineers are continuing to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.”
CNBC reported that Amazon investigated the issue as well. “Amazon & DynDNS investigating internet outage reports on east coast of U.S. amid reports of major websites not working properly,” it somehow tweeted.
Earlier this month, the United States transferred its oversight of DNS to an international non-profit group, a move that had been more than 20 years in the making.
Here’s a map of reported outages as of 9:20 a.m. ET, via Down Detector: