As you may recall, a number of prominent web platforms shut down on Oct. 21 due to a distributed denial of service attack on Dyn, a major domain name service. The cyber attack repeatedly took out sites like Twitter, Reddit and Spotify (among many others) throughout the United States over the course of the day.
Since the 21st, service has operated relatively smoothly with the exception of a brief Twitter shutdown early Monday morning. But how was it possible for dozens of significant websites to go down all at once? Apparently the agents responsible for the hacking used new, innovative weapons to disrupt the internet that morning.
Why Twitter, Reddit and Spotify went down
According to cybersecurity experts, the hackers responsible for the DDoS attack used commonplace consumer tech devices that can be found in homes across the U.S.
The New York Times reported that "hundreds of thousands" of devices ranging from cameras to baby monitors and wireless routers were infected with software that allowed the hackers to flood Dyn's servers with an abundance of traffic. The one thing these devices all shared in common: a connection to the internet.
It's a clever strategy due to its not-so-obvious sourcing, and a number of researchers have been warning about the possibility of an attack of this nature for some time now. These "internet of things" devices leave servers vulnerable.
Well-regarded cybersecurity journalist Brian Krebs wrote that the source code of those devices' botnets "virtually [guarantee] that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices," as reported by the Atlantic.
Since the Oct. 21 attack, hacker collectives Anonymous and New World claimed responsibility for the disruption, though researchers are not sure they were the true perpetrators.
Fortunately, there haven't been any major incidents since, but this new IoT method of attack could cause problems again in the future.