Last Friday, large parts of the internet in the United States were shut down by a series of attacks on a single company. The attackers deployed an old tool — distributed denial of service (DDoS) attacks — in a new and unprecedented fashion. The results were worrisome, not only because of the impact, but because they are a harbinger of the digital future and the ever more visible vulnerabilities of a networked world.
A DDoS attack is an assault on a web server in which the website is overwhelmed by the sheer quantity of data directed at it. In this case, the target was a company called Dyn, a small (500 employee) New Hampshire-based domain name service provider that is used by many of the largest internet companies. Dyn's computers translate the URL that a user types into a web browser into a numerical IP address. Flooded by data at a rate of 1.2 terabits per second, the computers could not sort genuine requests from junk and all services were shut down.
The scale of the attack was facilitated by the use of thousands of devices that are connected to the internet but are not computers — household appliances such as refrigerators, thermostats, and even baby cameras, or closed circuit TV cameras — which are often referred to as the internet of things (IoT). These devices were hijacked by a readily available piece of malware called Mirai, which the hackers used to magnify the number of digital messages sent to the Dyn computers. It is estimated that as many as 550,000 devices around the world have been infected with Mirai, and last week's attack used just 10 percent of them. When these devices are linked together and controlled by malware they are called a "botnet."
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.