Several of the world’s best-known websites were inaccessible across parts of the United States on Friday after hackers unleashed a series of attacks on a company that acts as a switchboard for the internet.
The attacks affected access to Twitter, Paypal, Spotify and other customers of the infrastructure company in New Hampshire called Dyn, which processes large volumes of internet traffic.
“The attacks came in waves,” Al Jazeera’s Rob Reynolds, reporting from Los Angeles, said. “First targeting the East Coast of the United States, spreading then to the other parts of the country and even to Western Europe.”
“The websites that were disrupted were some of the top names in the internet: CNN and the New York Times, AirBnB, Reddit, HBO … a whole variety of sites were attacked.”
“Dyn is kind of a middle man that directs users to different websites and routes traffic from server to server in a complex way,” said Reynolds.
The attackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code that allowed them to cause outages.
“This type of attack is known as a distributed denial of service attack [DDoS],” explained our correspondent. “They used affected computers to fire requests at the servers of Dyn simultaneously and essentially overwhelm it.”
“The complexity of the attacks is what’s making it very challenging for us,” Dyn’s chief strategy officer, Kyle York, told Reuters news agency.
York said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai.
Security researchers have previously raised concerns that such connected devices, sometimes referred to as the Internet of Things, lack proper security.
The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, said Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyse the attack.
The Department of Homeland Security last week issued a warning about attacks from the Internet of Things, following the release of the code for Mirai.
On Friday, Dyn said in a statement that it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By Friday evening, it was fighting a third.
“The company fought back and was able to get things under control again,” our correspondent said. “But there were additional waves of attack. So this seems to be an ongoing situation.”
Attacking a large domain name service provider like Dyn can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.
The disruptions come at a time of unprecedented fears about cyber threats in the US, where hackers have breached political organisations and election agencies.
The US government has formally accused Russia of conducting cyber attacks against US political organisations during the campaign for the November 8 presidential election, including hacking of Democratic Party emails.
The US Department of Homeland Security and the FBI said they were investigating the attack on Dyn.
“We still don’t know who is responsible for this attack,” Reynolds said. “But it certainly seems to be an attack that took coordination and possibly a lot of resources. So this is not some teenaged kid in a basement somewhere hacking for fun.
“The purpose behind their attack is also very vague since nothing was stolen. It was just disruptive, so some people are theorising that someone is trying to figure out how to shut down the internet.”
WikiLeaks, a whistle blowing organisation that has been publishing hacked emails that allegedly belong to Democratic presidential nominee Hillary Clinton’s campaign chairman John Podesta, implied in a tweet that its supporters may be behind the attack and asked them to “stop taking down the US internet”.
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL
— WikiLeaks (@wikileaks) October 21, 2016
WikiLeaks has recently said that founder Julian Assange’s internet access has been cut by an unidentified state actor.
Ecuador’s government later admitted that it had partly restricted internet access for Assange, who has lived in the South American country’s UK embassy to avoid extradition to Sweden since mid-2012.
WikiLeaks’ decision to publish documents affecting the US election was entirely its own responsibility, and the country did not want to meddle in election processes or favour any candidate, Ecuador said.