If you happen to live in the Eastern United States, or in and around Toronto, Canada you may have noticed that on Friday, October 21st you could not access some of your favorite websites for the majority of the day.
I was in Toronto. It was my first day “working from home” for a new job, the only requirement was having a good WiFi connection so that I could access my Zendesk account (the website our company–and a host of others–use to accept calls and correspond with our customers via email).
At 9AM I pulled out my laptop and got ready to get to work. To my horror, I could not connect to Zendesk. I double checked my WiFi connection, which was fine, but I kept getting an error message telling me “the DNS server either does not exist or is incorrect”. At a loss, I switched over to Spotify (a popular music streaming website) to play some jazz while I made a coffee and tried to figure out what was going on. No luck, Spotify was not working for me either.
As it turns out, I was experiencing the first of first of several major DDoS (Distributed Denial of Service) attacks on the DNS server belonging to a company called Dyn. There was a second larger attack later that day, around noon, and a third attack around 4PM, Eastern Time. The attack knocked out access to handful of major websites including Netflix, PayPal, Twitter, Spotify, Etsy, Comcast, Verizon and more.
Now to understand what this all means and why it was an important event in the history of the Internet, it might help to understand what a DNS server is. DNS stands for Domain Name System. You can think of a DNS server a bit like a phonebook. When you type in a website’s name like “Facebook” a DNS server translates that name into a series of numbers so that your computer can connect–a bit like looking up my phone number to talk to me.
A DDoS attack involves flooding a DNS server with requests and overwhelming the system. In this case it involved hijacking millions of unsecured internet-connected devices such as printers, webcams and even baby monitors. Of course Dyn has multiple security measures in place, but a DNS server must operate a bit like a hospital–every request that comes in must be admitted to facilitate traffic.
The DDoS attacks on October 21st were unprecedented in their scale and intensity. This was a coordinated and premeditated attack affecting millions of North Americans– and even parts of Europe. Check out our maps of the affected areas. The first map shows a broad view of all affected areas involved in the second attack. The second map zooms in on those affected in North America–the hardest hit are those areas in red. Not only was it inconvenient for your average internet user, it cost companies, such as Amazon and Airbnb, major losses in revenue. A disruption of this magnitude has major economic implications and gestures toward a larger trend.
Awareness of the importance of cyber security is on the rise. Take the presidential debate, in which Clinton and Trump fired shots over who could best defend the nation against foreign cyber attacks. In the fashion world, ever a thermometer of popular sentiments, designers have adopted hacking cyber influences as a major trend. Cyber security is literally in Vogue.
The reasons are simple: as technology and the internet become more advanced–and more ingrained in our everyday lives–so too will cyber criminals.
The DDoS attack on Dyn was accomplished, in large part, because a number of individuals are not walking the walk when it comes to shoring up their online security.
So how can you stay protected?
As part of the campaign for National Cyber Security Awareness Month–which started at the beginning of October–the National Cyber Security Alliance suggested these tips:
Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing. On websites like Facebook you can modify what the public sees by changing your privacy settings. It’s OK to limit how and with whom you share information.
Personal information is like money. Value it. Protect it.: Information about you, such as purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected by apps and websites.
Keep a clean machine: Keep all software on internet-connected devices –including PCs, smartphones and tablets– up to date to reduce risk of infection from malware.
Staying vigilant about cyber security is a shared responsibility when using the internet. It can help prevent major attacks like the one on October 21st. It also keeps your devices running smoothly and helps to protect your personal information.