Details Emerge On The Big Internet-of-Things Hack: This Is Just Sick
Uh Oh: Internet Security Pro Hit By Botnet Made Of Internet-of-Things Connected Cameras
This is very bad.
Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related....MORE
Update 12:28 PM EST: Dyn says it is investigating yet another attack, causing the same massive outages experienced this morning. Based on emails from Gizmodo readers, this new wave of attacks seems to be affecting the West Coast of the United States and Europe. It’s so far unclear how the two attacks are related, but the outages are very similar.
In order to understand how one DDoS attack could take out so many websites, you have to understand how Domain Name Servers (DNS) work. Basically, they act as the Internet’s phone book and facilitate your request to go to a certain webpage and make sure you are taken to the right place. If the DNS provider that handles requests for Twitter is down, well, good luck getting to Twitter. Some websites are coming back for some users, but it doesn’t look like the problem is fully resolved.
Dyn posted this update on its website: “Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.”
Here’s a list of websites that readers have told us they are having trouble accessing:
Squarespace Customer Sites
Starbucks rewards/gift cards
Wix Customer Sites
New York Times
Elder Scrolls Online
See also Gizmodo's "Today's Brutal DDoS Attack Is the Beginning of a Bleak Future"
On the other hand, and on another subject, different from the DNS servers, our little site is hosted on Google's servers which would probably register a 2 million bot DDoS attack as "Say, we've got a 5% blip in traffic" (the goog gets a lot of traffic) and which allows us to take a more sanguine view of things:
See also: "Cloud Computing: One 'hiccup' and 'boom' - Amazon Web Services is 'gone'--Cisco President (AMZN)" and Econophysics: Or Why, When it Comes to Economics, We All Behave like Particles"
Where synchronization is going to get very interesting is when some critical mass of businesses migrate to cloud computing, say Amazon's Amazon Web Service, and someone takes down AWS.
Unlike the good old days where a computer problem put one company at risk you'll have dozens, hundreds or thousands of companies frozen, all their economic activity halted at the same time.
That's synchronization baby!