Samiksha Jaiswal (Editor)

2016 Dyn cyberattack

Participants: Unknown

Time: 12:10 – 14:20 UTC; 16:50 – 18:11 UTC; 21:00 – 23:11 UTC

Date: October 21, 2016 (2016-10-21)

Location: Europe and North America, especially the Eastern United States

Type: Distributed denial-of-service

Suspect(s): New World Hackers, Anonymous (self-claimed)

The 2016 Dyn cyberattack took place on October 21, 2016, and involved multiple distributed denial-of-service attacks (DDoS attacks) targeting systems operated by Domain Name System (DNS) provider Dyn, which caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.

As a DNS provider, Dyn provides to end-users the service of mapping an Internet domain name—when, for instance, entered into a web browser—to its corresponding IP address. The distributed denial-of-service (DDoS) attack was accomplished through a large number of DNS lookup requests from tens of millions of IP addresses. The activities are believed to have been executed through a botnet consisting of a large number of Internet-connected devices—such as printers, IP cameras, residential gateways and baby monitors—that had been infected with the Mirai malware. With an estimated throughput of 1.2 terabits per second, the attack is, according to experts, the largest DDoS attack on record.
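A flood of lookups spread across a very large number of source addresses, as described above, defeats per-source rate limits because no single address sends much traffic. The following detection sketch is an added example, not part of the original article; the log entries, thresholds and function names are all constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 60         # seconds per bucket
PER_IP_LIMIT = 20   # assumed per-source query limit per window
SPIKE_FACTOR = 5    # assumed: flag a window above 5x the baseline median

def make_log():
    """Constructed sample of (epoch_second, source_ip) DNS query records."""
    log = []
    # Windows 0-3: normal load, 50 resolvers sending 4 queries per minute.
    for w in range(4):
        for r in range(50):
            for q in range(4):
                log.append((w * 60 + q * 15, f"198.51.100.{r}"))
    # Window 4: distributed flood, 3000 sources sending only 2 queries each.
    for s in range(3000):
        for q in range(2):
            log.append((4 * 60 + q * 30, f"10.{s // 256}.{s % 256}.7"))
    return log

def summarize(log):
    """Per window: total queries, distinct sources, busiest single source."""
    buckets = defaultdict(Counter)
    for ts, src in log:
        buckets[ts // WINDOW][src] += 1
    return {
        w: {"queries": sum(c.values()), "sources": len(c),
            "max_per_ip": max(c.values())}
        for w, c in sorted(buckets.items())
    }

def per_ip_alerts(stats):
    """Windows in which any single source exceeded the per-IP limit."""
    return [w for w, s in stats.items() if s["max_per_ip"] > PER_IP_LIMIT]

def aggregate_alerts(stats, baseline_windows=4):
    """Windows where query volume AND distinct sources both spike."""
    base = list(stats.values())[:baseline_windows]
    q_med = median(s["queries"] for s in base)
    s_med = median(s["sources"] for s in base)
    return [w for w, s in stats.items()
            if s["queries"] > SPIKE_FACTOR * q_med
            and s["sources"] > SPIKE_FACTOR * s_med]

if __name__ == "__main__":
    stats = summarize(make_log())
    print("per-IP alerts:   ", per_ip_alerts(stats))
    print("aggregate alerts:", aggregate_alerts(stats))
```

In the constructed flood window the busiest source sends fewer queries than a normal resolver does, so only the aggregate view of volume and source count raises an alert.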

Timeline and impact

According to Dyn, a distributed denial-of-service (DDoS) attack began at 7:00 a.m. (EDT) and was resolved by 9:20 a.m. A second attack was reported at 11:52 a.m. and Internet users began reporting difficulties accessing websites. A third attack began in the afternoon, after 4:00 p.m. At 6:11 p.m., Dyn reported that they had resolved the issue.

Affected services

Services affected by the attack included:

Investigation

The US Department of Homeland Security started an investigation into the attacks, according to a White House source. No group of hackers claimed responsibility during or in the immediate aftermath of the attack. Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks. Barbara Simons, a member of the advisory board of the United States Election Assistance Commission, said such attacks could affect electronic voting for overseas military or civilians.

Dyn disclosed that, according to business risk intelligence firm FlashPoint and Akamai Technologies, the attack was a botnet coordinated through a large number of Internet of Things-enabled (IoT) devices, including cameras, residential gateways, and baby monitors, that had been infected with Mirai malware. The attribution of the attack to the Mirai botnet had been previously reported by BackConnect Inc., another security firm. Dyn stated that they were receiving malicious requests from tens of millions of IP addresses. Mirai is designed to brute-force the security on an IoT device, allowing it to be controlled remotely. Cybersecurity investigator Brian Krebs noted that the source code for Mirai had been released onto the Internet in an open-source manner some weeks prior, which will make the investigation of the perpetrator more difficult.

On 25 October 2016, President Obama indicated that the investigators still had no idea who carried out the cyberattack.

Perpetrators

In correspondence with the website Politico, hacktivist groups SpainSquad, Anonymous, and New World Hackers claimed responsibility for the attack in retaliation for Ecuador's rescinding Internet access to WikiLeaks founder Julian Assange at their embassy in London, where he has been granted asylum. This claim has yet to be confirmed. WikiLeaks alluded to the attack on Twitter, tweeting "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point." New World Hackers has claimed responsibility in the past for similar attacks targeting sites like BBC and ESPN.com.

On October 26, FlashPoint stated that the attack was most likely done by script kiddies.

References

2016 Dyn cyberattack Wikipedia