Popular sites like Reddit, Twitter and Netflix down in massive cyber attack
NEW YORK –A number of popular websites like Twitter and Netflix went down for some users on Friday in a massive cyberattack.
Affected sites included Twitter, Etsy, Github, Vox, Spotify, Airbnb, Netflix and Reddit.
Dyn, which manages website domains and routes internet traffic, experienced two distributed denial of service attacks on its DNS servers. A DDoS attack is an attempt to flood a website with so much traffic that it impairs normal service.
“If you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we’re seeing today,” said Jeremiah Grossman, chief of security strategy at cybersecurity startup SentinelOne.
Dyn said the attack started at 7 a.m., and was resolved later Friday morning. But issues continued, and by Friday afternoon, Dyn said it was investigating a third attack.
Initially, outages were primarily impacting those on the East Coast, but by midday Friday, people in Europe were reporting outages as well.
“We’ve never really seen anything this targeted [that] impacts so many sites,” said David Jones, director of sales engineering at software IT company Dynatrace. “Typically DDoS attacks are targeted at individual sites. DNS is like a phone book: this is like someone is attacking the phone company and burning all the phone books at the same time.”
No one has claimed responsibility for the attack yet. A government official said the U.S. is “looking at all possible scenarios including possible cyber activity.”
On Friday afternoon, WikiLeaks posted a tweet asking its supporters to stop the DDoS attacks, although it was not immediately clear if they were behind it.
Amazon Web Services was also experiencing connectivity issues on Friday around the same time as the Dyn attacks. AWS is used by more than 1 million companies, including GE, News Corp. and Capital One.
“These [DDoS attacks] take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” wrote security technologist Bruce Schneier in a blog post last month.