The official home of It's Geek to Me on the web!

Issue #484: October 30 – November 5, 2016

I’m going to take a break from answering reader questions this week to explain the hows and whys of the recent large-scale cyber-attack that affected East Coast United States users of some of the largest sites on the World Wide Web. I’ve received a lot of e-mail recently that leads me to believe that even you, my dear Geeks (who, by your very nature, are some of the brightest minds on the Internet), are, as a group, woefully underinformed on issues of cyber-security.

First of all, for those of you mushroom farmers who were so deep in your caves that you didn’t even hear about this major event, I’ll explain. A group of the “Internet bad guys” that I’m always warning you about performed a series of attacks on October 21, 2016, that effectively prevented users in large swaths across the U.S. from accessing around 70 of the Internet’s most popular destination sites, including Amazon, CNN, Fox News, Netflix, PayPal, Pinterest, Reddit, Tumblr, Twitter, Visa, The Wall Street Journal, and dozens more. The actual event was what is called a Distributed Denial-of-Service or DDoS attack, and it took place, not directly against the affected sites, but rather against a Domain Name System (DNS) provider named Dynamic Network Services Inc., or Dyn for short.

You may not realize it, but every time you type a URL into your browser’s address bar, or even click on a hotlink on a page, you are using a DNS provider. You see, although site names are easy for us humans to read, remember and retype, they don’t really mean anything to the Internet or the Web. Those run on IP addresses: the dot-separated groups of numbers that your typical computer user usually only has to deal with when configuring network hardware. The function of DNS is to work behind the scenes, translating those human-friendly names into Internet-friendly addresses. The process is usually swift and invisible, but if it stops working, computers lose the ability to retrieve the IP address of named websites. By attacking Dyn rather than any of the sites themselves, the cyber-criminals were able to cut off access to this name translation, effectively removing the ability for huge numbers of users to access the sites serviced by Dyn.
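To see why one attack on a DNS provider can darken so many unrelated sites, here is a Python example, added as an illustration and not part of the original column, that groups each site's authoritative name servers by provider and reports which sites become unreachable by name if a single provider stops answering. The zone and server names are constructed samples on reserved example domains, and treating everything after a server's first label as "the provider" is a simplifying assumption.

```python
# Constructed sample data: zone -> its authoritative name servers (NS records).
# Every name below is on a reserved example domain; none is a real measurement.
SAMPLE_NS = {
    "shop.example": ["ns1.dns-a.example.net", "ns2.dns-a.example.net",
                     "ns3.dns-a.example.net", "ns4.dns-a.example.net"],
    "news.example": ["ns1.dns-a.example.net", "ns2.dns-a.example.net",
                     "ns1.dns-b.example.org", "ns2.dns-b.example.org"],
    "blog.example": ["ns1.blog.example", "ns2.blog.example"],
}


def provider_of(ns_host):
    """Map a name server to its operator.

    Assumption: all of one provider's servers share the part of the
    hostname after the first label (ns1.<provider>, ns2.<provider>, ...).
    """
    host = ns_host.rstrip(".").lower()
    return host.split(".", 1)[1] if "." in host else host


def providers_by_zone(ns_map):
    """zone -> sorted list of distinct providers serving that zone."""
    return {zone: sorted({provider_of(h) for h in hosts})
            for zone, hosts in ns_map.items()}


def single_provider_zones(ns_map):
    """Zones whose name resolution depends on exactly one provider.

    Four name servers at the same provider still count as one dependency.
    """
    return sorted(z for z, p in providers_by_zone(ns_map).items()
                  if len(p) == 1)


def zones_lost_if_down(ns_map, provider):
    """Zones left with no working name server if `provider` goes silent."""
    return sorted(z for z, p in providers_by_zone(ns_map).items()
                  if p == [provider])


if __name__ == "__main__":
    for zone, provs in providers_by_zone(SAMPLE_NS).items():
        print(f"{zone}: {len(provs)} provider(s): {', '.join(provs)}")
    print("Depends on one provider:", single_provider_zones(SAMPLE_NS))
    print("Lost if dns-a.example.net is down:",
          zones_lost_if_down(SAMPLE_NS, "dns-a.example.net"))
```

In the sample, the zone with servers at two providers still resolves when one provider is knocked offline, while the zone with four servers at a single provider does not.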

The theory behind a Denial-of-Service attack is to send the target site an overwhelming number of network requests. Under normal operation, a website is expected to respond to all such requests. So, if someone wants to deny other users the ability to use that site, all they need to do is send a large number of bogus network requests, and keep the site so busy sifting through all the garbage and generating responses that there is no time left for it to process legitimate requests (hence the name “denial-of-service”). It used to be that a site could be overwhelmed with just a few megabytes (millions of bytes) per second of network traffic, but nowadays, most sites like Dyn can easily absorb that much without any noticeable impact. It is said that the data rate in the recent attack exceeded a terabyte, which is to say a trillion bytes, per second. By comparison, if your home Internet connection is 10 mb/s, which is considered to be “high-speed”, it would take 100,000 similar connections working in tandem and operating at full bandwidth to generate that much data.

So, how did they pull it off? Well, you’ve only heard half of the story, but I’m out of space for this week. Next week, I’ll explain how the hackers achieved such a massive data rate, and how, without even knowing it, you might actually have participated in this attack.



Copyright Notice

All content on this site is Copyright © 2007-2024 by Jeff Werner – All rights reserved.