Dyn, a New Hampshire internet services company, reported the attack early Friday. Hours later, the company said service was back to normal. Dyn said the cause was a large-scale yet unsophisticated attack that temporarily overwhelmed its servers.
TechCrunch reported Friday morning that the music service Spotify and the websites of the Boston Globe, New York Times, Airbnb, Reddit and Github were also affected.
These types of attacks are known as distributed denial of service, or DDoS. And they’re on the rise, said Vince Berk, chief executive of FlowTraq, a network security company that specializes in detecting and defeating DDoS attacks.
As security experts get better at keeping threats at bay, hackers are increasingly turning to the DDoS attack, which he described as the “crudest form of an attack you can perpetrate.”
A DDoS attack blocks users trying to access a site. If you wanted to slow down business at a bricks-and-mortar post office, for example, you could gather a thousand friends to get in line all at once and buy 100 stamps each. That would prevent other customers who want to mail packages from getting service. This is similar to how a DDoS attack works, Berk said.
To attack a company as large as Dyn, a hacker needs to commandeer a large number of computers and program them to all start sending traffic to Dyn at the same time. By doing this, the hacker will clog up the site with so much “junk traffic” that they cannot serve actual customers, according to a blog post from security expert Brian Krebs, whose own site was the target of a DDoS attack in September.
Companies like Dyn are a “prime target,” Berk said, because of their role in communicating with internet browsers to translate a web address into an IP address – the numeric code that corresponds to a web page. By attacking a company like Dyn, hackers can take down a vast number of websites at once.
The exact magnitude of the attack is unclear at this point, Berk said.