If your favorite internet service isn’t working today, you are not alone.
Early Friday morning, Dyn, a company that provides Domain Name Servers (DNS) for a lot of heavily trafficked websites and services, came under a massive Distributed Denial of Service (DDoS) attack. This has disrupted access to many sites for people across the U.S. Yes, it’s why your Spotify app is offline, why you can’t stream Netflix, and why Twitter won’t load. Thankfully for the time-wasters out there, Facebook is still going strong.
Someone overwhelmed Dyn, which acts as the middleman between the URL you type into a browser and the actual, numerical address your computer needs to access the site you’re trying to reach, sending it overwhelming amounts of traffic, likely using hacked Internet of Things devices. Dyn seemed to have the attack under control late Friday morning, but then it resumed and spread. As of now Dyn is still working on the problem, and the Department of Homeland Security is investigating the attack.
DDoS attacks work by sending so many requests to a site or service that it goes down or becomes impossibly slow under the weight of them all, and are often aimed at individual websites (more on how that works here). But this time, by attacking a DNS provider, whomever’s behind the attack (it remains unclear) has taken down a bunch of sites and services at once. So what are those sites?
If you’re on Twitter or Tweetdeck, you’ll have noticed that it’s been up and down, working sometimes and not working a lot more. Slack also reports that it’s having problems.
A thread on HackerNews has documented that GitHub, Heroku, Paypal, Etsy, Spotify, Soundcloud, Reddit, Crunchbase, and Netflix have all been having trouble because of the attack, though some of those are now working intermittently again.
The attack has also had an effect on Amazon Web Services, the company’s web hosting arm, some of which is supported by Dyn.
Gizmodo compiled a list from its readers that includes news sites (BBC, CNN, The New York Times), other entertainment services (HBO Now, Elder Scrolls online) and a smattering of others (Yelp, Freshbooks, various Squarespace sites, Pinterest, Twilio, and NHL.com, among them).
According to a map of the outage from the site downdetector.com, the outage is mostly affecting the the eastern seaboard, the midwest, California, and parts of Texas as of 2:00 PM EST. That said, it’s spread in the past half-hour.
Some sites (Pornhub, for instance) have avoided being affected by the DDoS attack because they subscribe to multiple DNS providers, and at the moment Dyn is the only one under attack. So at least porn fans are not deprived today.
We should probably be very concerned that this is happening. As security expert Bruce Schneier wrote last month, hackers have been getting much better at building the botnets (networks of computers) required to carry out these attacks. Via Schneier in September:
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
The internet’s infrastructure is always less secure than you think, whether it’s because your router is poorly secured or there’s a rupture in the undersea cables that carry information from continent to continent. But the possibility that we’ll see more attacks like these, and that they’ll be more effective, should have everyone alarmed.
If you hear or experience other sites going down, feel free to tell me at email@example.com. For now, you may wanna sit tight and read a book if you can.
Update (3:25): Readers point out that PicMonkey, Ticketfly, and quite ironically, outageanalyzer are all on the fritz due to the DDoS attack.
Update (3:34): Another reader says she’s having trouble accessing Quora.
Update (3:40): Ditto Business Insider, Zillow, Box.com, and Tableau.com.
Update (3:56): Readers report trouble with GrubHub, Overstock, Walgreens, Ruby Lane, Pixlr, and (ironically again) isitidownrightnow.com.
Update (4:10): More reader reports. This time: DirecTV, Playstation Network, Ancestry.com, HostGator, FiveThirtyEight, and SpeedTest.