On Friday, October 22nd, Twitter, Spotify, Reddit, and other companies that use the company called Dyn to direct users to its website were offline. Security analysts concluded that hackers used internet-connected home devices to attack the Dyn company. Dyn is an DNS service, “a crucial part of web infrastructure” that acts as an “internet phonebook” which directs internet users to certain websites.
Millions of internet addresses were subject to the attack. Security analysts say that the internet connected home devices, such as CCTV, web-cams, and printers, that come with easy-to-guess and unchangeable usernames and passwords created a massive vulnerability for the “Internet of Things” devices. Websites hosting a variety of different services that do not use Dyn were also affected by the attack including BBC News and Amazon Web Services.
The notable part of this attack, aside from it’s scale, is that it denotes a change in tactic and strategy of online attackers and hacker, not a single website but a huge internet service provider. Further, the hackers were not targeting personal computers or servers, they were targeting household products that one would not normally think would be subjected to hacking.
This attack has shocked the cyber world and showcased just how fragile and vulnerable the internet infrastructure is. To put it short, as the head of security for Salesforce tweeted, “[i]n a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.”