The FBI and Department of Homeland Security are investigating a widespread internet disruption today that appears to be the result of repeated attacks on a critical internet infrastructure service -- attacks that this morning caused hours-long disruptions of major sites like Twitter, Reddit and Spotify for many users in the U.S.
Dyn, Inc., a firm that provides some hosting services for the internet's Domain Name System (DNS), posted online that its engineers are working to "mitigate several attacks" aimed at their DNS infrastructure.
The DNS, in the simplest terms, works like the phone book for the internet. When a user types an internet address into a browser, the DNS converts the name into a numeric IP address and sends the user on its way. Dyn said the first attack this morning was a distributed denial of service (DDoS) attack, which overwhelms its target with traffic until it's paralyzed.
Kyle York, Chief Strategy Officer at Dyn, told ABC News that DDoS attacks are daily occurrences, but this one is "just incredibly sophisticated and complex." York said "tens of millions" of I.P. addresses -- meaning an incredibly large botnet or network of botnets -- appear to be involved in attacking the firm.
The first attack on Dyn appeared at least temporarily to have trickled down to some of the internet's most popular websites. Within a few hours, Dyn reported service had been restored, but then the next wave appeared. It's unclear which, if any, major sites have been affected by the follow-on attacks.
York said the second attack has "ebbed and flowed" since it began early this afternoon.
Last week the Department of Homeland Security's U.S. Computer Emergency Readiness Team warned users of a "heightened DDoS threat" as more and more internet-connected devices are being surreptitiously used as part of botnets to flood target systems. The last few weeks have seen record-setting DDoS attacks, DHS said, and source code for one major type of attack was recently released online, meaning anyone with a little know-how might be able to command a very large army of bots.
York said Dyn suspects one infamous botnet described in the DHS alert, known as Mirai, is being used in the current attack.
DDoS attacks are generally unsophisticated in nature and Martin McKeay, security advocate at online content delivery firm Akamai, said that while knowing to target and somewhat successfully strike a DNS host service is a step up from the run of the mill attacks, it's a small step.
McKeay said that it's impossible to know at this point who's behind the attack, but it could be anyone from a young hacker messing around, to hackivists, to a criminal organization or even a nation state.
York declined to speculate on who might be behind the attack, but described it as much more advanced than the average DDoS assault. Dyn, he indicated, is not exactly an easy target and they've "been dealing with this all day."
US Investigating Repeated Cyberattacks; Twitter, Other Major Sites Temporarily Knocked Out