Someone successfully shut down many websites Friday, attacking a crucial part of the internet that has been made more vulnerable due to an Obama administration decision to surrender American control, according to experts.
Websites like Twitter, Spotify, Reddit and many others were not working for a large portion of U.S. citizens Friday, after unknown hackers breached the servers of Dyn, a major domain name system (DNS) host. Essentially the “yellow pages” of online addresses, DNS is the technical network that converts web address names into numbers.
“We began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time,” Dyn announced in a published update.
The cyber-crime, which was likely conducted by a syndicate, issued a distributed denial of service (DDoS) attack, which renders certain networks and websites inaccessible to users. The hacker(s) bombarded part of the internet’s infrastructure by directing several devices and the respective unique Internet Protocol (IP) addresses (the numerical label assigned to every device) to targeted online systems. Dyn’s DNS became inundated with so much traffic, it could no longer facilitate the navigation of the web.
Electronic devices that were likely taken over could be anything with internet capacity, like smartphones, cameras, TVs, and PCs (maybe even toasters).
The perpetrators probably “hijacked the devices by installing the malware and then conscripted them into a ‘botnet,’ which is essentially an army of electronic devices unwittingly controlled by an unauthorized individual or entity,” Jeff Baron, a web pioneer who owned an accredited domain name registrar business, told The Daily Caller News Foundation (TheDCNF).
The botnet is then commanded to simultaneously send data to its target “to disable it like a tsunami flooding and oceanfront building,” Baron continued. The targets here were Dyn’s “authoritative nameservers,” which are machines that oversee the mapping of IP addresses. These nameservers are required for connecting users to the websites they are requesting to access.
“Think of your GPS being shut off while you are traveling to an unfamiliar location in a foreign city,” Baron explained. “Dyn’s nameservers are responsible for over 170,000 domain names and websites including Twitter and Paypal.”
Sites like Google, Yahoo and thousands of others were unaffected because they do not use Dyn’s nameservers. And the online shutdown was only seen in certain parts of the world (mainly the Northeastern United States) because nameservers segregate internet traffic by region.
It is not yet known who is responsible for the attack. But what is clear is that such attacks could become a serious and constant problem for America’s internet infrastructure, which is absolutely critical for a number of things like the country’s electoral process, national security, and system of commerce.
President Barack Obama and the National Telecommunications and Information Administration (NTIA) essentially recently relinquished control over a vital part of the internet. They let the contract between the American-based nonprofit, the Internet Assigned Numbers Authority (IANA), and Internet Corporation for Assigned Names and Numbers’ (ICANN) expire on Oct. 1 so a transition of internet DNS stewardship to a global organization could occur.
While such attacks were possible (and did materialize) under IANA control of the DNS, giving up internet power to a global multistakeholder offers other nations a direct stake in management.
“The biggest concern is that countries who don’t value internet freedom, who silence online speech and censor the web, will be able to directly shape internet policy,” Drew Johnson, national director of Protect Internet Freedom, told TheDCNF.
Countries like Russia and China, which not only censor the internet for its own populace, but also have been accused of hacking U.S. government institutions, will likely have a significant say in the administration of the international internet system.
It is not yet known where the attack on Dyn originated, “but DDoS attacks are often coordinated from out of the United States, so the U.S. government’s power is very limited in these circumstances.”