London — Cyber attacks on a key internet firm repeatedly disrupted the availability of popular websites across the United States Friday, according to analysts and company officials.
The White House described the disruption as malicious. Members of a hacker group spread across China and Russia claimed responsibility, although their assertion couldn't be verified.
Manchester, New Hampshire-based Dyn said its server infrastructure was hit by distributed denial-of-service attacks, which work by overwhelming targeted machines with junk data traffic. The attack had knock-on effects for users trying to access popular websites from across America and even in Europe, affecting sites such as Twitter, Netflix and PayPal.
The level of disruption was difficult to gauge, but Dyn provides internet traffic management and optimisation services to some of the biggest names on the web, including Twitter, Netflix and Visa.
Critically, Dyn provides domain name services, which translate the human-readable addresses such as "twitter.com" into an online route for browsers and applications.
Steve Grobman, chief technology officer at Intel Security, compared an outage at a domain name services company to tearing up a map or turning off GPS before driving to the department store.
"It doesn't matter that the store is fully open or operational if you have no idea how to get there," he said in a telephone interview.
Jason Read, founder of the internet performance monitoring firm CloudHarmony, owned by Gartner, said his company tracked a half-hour-long disruption early Friday in which roughly one in two end users would have found it impossible to access various websites from the East Coast. A second attack later in the day caused disruption to the East and West Coasts as well as impacting some users in Europe.
"It's been pretty busy for those guys," Read said. "We've been monitoring Dyn for years and this is by far the worst outage event that we've observed."
Read said Dyn provides services to some 6 percent of America's Fortune 500 companies.
"It impacted quite a few users," he said of the morning's attack. A full list of affected companies wasn't immediately available, but Twitter, Netflix, PayPal and the coder hangout Github said they briefly experienced problems earlier Friday.
Hackers claim responsibility
Members of a shadowy hacker collective that calls itself New World Hackers claimed responsibility for the attack via Twitter. They said they organised networks of connected "zombie" computers that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.
"We didn't do this to attract federal agents, only test power," two collective members who identified themselves as "Prophet" and "Zain" told an AP reporter via Twitter direct message exchange.
They said more than 10 member participated in the attack. It was not immediately possible to verify the claim.
Dyn officials said they did not know who was behind the attacks or if they were orchestrated by a state-backed group or online activists or pranksters. They said they have received no claim of responsibility, but are working with law enforcement.
The collective, @NewWorldHacking on Twitter, has in the past claimed responsibility for similar attacks against sites including ESPNFantasySports.com in September and the BBC on Dec. 31. The attack on the BBC marshalled half the computing power of Friday's onslaught.
The collective has also claimed responsibility for cyberattacks against Islamic State. The two said about 30 people have access to the @NewWorkdHacking Twitter account. They said 20 are in Russia and 10 in China. "Prophet" said he is in India. "Zain" said he is in China. The two claimed to be taking "good actions."
Another collective member the AP previously communicated with via direct message called himself "Ownz" and identified himself as a 19-year-old in London. He told the AP that the group — or at least he — sought through hacking only to expose security vulnerabilities.
During the attack on the ESPN site, "Ownz" was asked if the collective made any demands on sites it attacked, such as demanding blackmail money.
"We will make one demand actually.. Secure your website and get better servers, otherwise be attacked again," he said.
The vulnerable internet
For James Norton, the former deputy secretary at the Department of Homeland Security who now teaches on cybersecurity policy at Johns Hopkins University, the incident was an example of how attacks on key junctures in the network can yield massive disruption.
"I think you can see how fragile the internet network actually is," he said.
Dyn officials said attacks stemmed from tens of millions of devices connected to the internet — closed-circuit video cameras, digital video recorders and even thermostats — that were infected with malware. Attacks came in waves and from IP addresses from around the world, shifting geographically.
Dyn first became aware of an attack around 7:00 a.m. local time, focused on data centers on the East Coast of the US Services were restored about two hours later. But then attackers shifted to offshore data centers, and the latest wave of problems continued until Friday evening Eastern time.
"It is a very smart attack. As we start to mitigate they react and start to throw something that's over the top," Kyle York, chief strategy officer of Dyn, on a call with reporters.
The U.S. Department of Homeland Security is monitoring the situation, White House spokesman Josh Earnest told reporters Friday. He said he had no information about who may be behind the disruption.
Security experts have recently expressed concern over increasing power of denial-of-service attacks following high-profile electronic assaults against investigative journalist Brian Krebs and French internet service provider OVH .
In a widely shared essay titled "Someone Is Learning How to Take Down the Internet," respected security expert Bruce Schneier said last month that major internet infrastructure companies were seeing a series of worrying denial-of-service attacks.
"Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services," he said.