Why is the Internet Broken Today?
Relative IPv4 utilization observed using ICMP Ping requests


Today, half of America’s internet was shut down when hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host.  The event served as a demonstration of how easily large swaths of the web can be wiped out if attacked by determined hackers.

Dyn released this statement following the outage:

Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.

It’s horrific to know that major websites like Twitter, Netflix, PayPal, PlayStation Network, Time Warner, Cox, Gmail, Reddit, Spotify, Etsy, Wired, Vonage, and hundreds of thousands more can all be taken offline in an instant. It is important for every internet user to understand DNS, because it is central to how the internet works (or, in today's case, why it doesn't). With that in focus, here is how some of the most popular websites in the world can be taken offline in a flash:

What is DNS?

Domain Name System (DNS) servers act as the internet’s address book and facilitate requests to websites. DNS makes sure you end up in the right place every time you type a website name into your browser. As you may know, the internet (and any intranet) works by using addresses (IP addresses), not names. DNS servers translate URLs or hostnames (like https://www.google.com/) to IP addresses (like https://172.217.4.132/; go ahead, click it, and you wind up at Google's homepage). An analogy: you want to send a letter to your friend Brian. If you dropped a letter addressed only to “Brian,” without his street address, in the mailbox, the letter would certainly not reach its destination. If you cannot contact your DNS server, you cannot get anywhere via URL or hostname, because names cannot be translated to their respective IP addresses. Likewise, if the DNS servers holding the records for many online sites and services cannot be contacted, those sites and services cannot be reached by name. DNS provides many additional features and functions, but for the sake of this article this basic overview should do.

How did it break today?

A DDoS attack is a common technique in which many compromised computers (you could very well own one of them, and statistically, several people reading this do) are used to attack a single system by overloading it with requests. The attacker uses the cumulative bandwidth of all the compromised computers and networks to flood a specific host. When that cumulative bandwidth exceeds the bandwidth the host has available, the host becomes unreachable: it has more requests than it can handle and refuses new connections. In a DDoS attack, hackers often generate this flood from hundreds of thousands of infected machines. The host has great difficulty telling a legitimate request from one sent by an attack node, so it answers all it can and refuses every subsequent connection, legitimate or not.
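The paragraph above makes two points a defender should be able to measure: the host saturates once aggregate demand exceeds capacity, and no single attacking source looks abnormal. The following added example (not from the original article, and using a constructed query log rather than any Dyn data) summarizes a DNS query log per second, flags windows where demand exceeds an assumed capacity of 8 queries per second, and shows that a per-client rate limit would not have caught the attack because each bot sends only one query per second. The log format, the capacity figure and the 10.0.0.x/198.51.100.x addresses are all assumptions of the example.

```python
from collections import defaultdict

# Added detection example. The log format "<timestamp> <client ip> <qname> <qtype>"
# and the capacity are assumptions; the log itself is constructed below.
CAPACITY_QPS = 8  # assumed queries/second the server can answer before refusing


def make_sample_log():
    """Constructed sample: three legitimate clients sending ~5 q/s in total for
    four seconds, plus a 'botnet' of many distinct hosts that each send only
    one query per second, starting in the third second."""
    legit = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    lines = []
    for sec in range(4):
        for i in range(5):
            lines.append(f"2016-10-21T11:10:0{sec}Z {legit[i % 3]} twitter.com A")
        for b in range({2: 10, 3: 14}.get(sec, 0)):          # bots appear in seconds 2 and 3
            lines.append(f"2016-10-21T11:10:0{sec}Z 198.51.100.{b + 1} twitter.com A")
    return lines


def summarize(lines, capacity=CAPACITY_QPS):
    """Per one-second window: total queries, distinct sources, busiest single
    source, and the fraction of requests the server could still serve."""
    per_window = defaultdict(lambda: defaultdict(int))     # timestamp -> ip -> count
    for line in lines:
        ts, ip, _qname, _qtype = line.split()
        per_window[ts][ip] += 1
    summary = {}
    for ts, ips in sorted(per_window.items()):
        total = sum(ips.values())
        summary[ts] = {
            "total": total,
            "sources": len(ips),
            "max_per_source": max(ips.values()),
            "served_fraction": min(1.0, capacity / total),
        }
    return summary


def flagged_windows(summary, capacity=CAPACITY_QPS):
    """Windows in which aggregate demand exceeds capacity (the host is refusing)."""
    return [ts for ts, s in summary.items() if s["total"] > capacity]


def top_talker_rate(summary):
    """Highest per-source rate seen in any window. If this stays below a
    per-client limit while windows are flagged, the flood is spread thin."""
    return max(s["max_per_source"] for s in summary.values())


if __name__ == "__main__":
    summary = summarize(make_sample_log())
    for ts, s in summary.items():
        print(ts, s)
    print("saturated windows:", flagged_windows(summary))
    print("busiest single client (q/s):", top_talker_rate(summary))
```

In the flagged windows the distinct-source count jumps from 3 to 13 and 17 while the busiest client never exceeds 2 queries per second, which is why aggregate and source-diversity signals, not per-client limits, are what surface this kind of attack, and why the actual absorption has to come from capacity and upstream filtering rather than from the host deciding request by request.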

In the case of this morning’s attack, hackers brought down the servers of Dyn, a hugely popular DNS host that serves sites like Amazon, Netflix, PayPal, Twitter, Zillow, Reddit, Basecamp, CNN, Etsy, Github, Grubhub, HBO Now, Imgur, Playstation Network and Squarespace, just to name a few, and hundreds of thousands of less notable others.

When Dyn's servers were taken down, browsers essentially could not figure out where to go to find the sites users requested. This type of attack happens when hackers build an army of computers infected with malicious software, known as a botnet. The owners of the computers participating in the attack don’t realize their machines have been compromised and are part of the botnet.

In 2010, Anonymous used this method to take down PayPal and Visa in protest of their freezing WikiLeaks' assets. Hence, their assets thawed quickly. In 2014, a hacker group called Lizard Squad shut down the Playstation Network and Xbox Live using this method. In 2015, a trojan called XOR DDoS helped hackers build a powerful botnet capable of taking down almost any server or website, worldwide. DDoS attacks occur daily, but they can be avoided.

How do we protect against these attacks?

Defending against DDoS attacks is certainly possible. One caveat up front: the effectiveness of any solution is directly correlated with the talent that implements it.

You don't know what you don't know. And if you don't, either find someone who does, or at least find someone who can ask better questions. I guarantee you the sites that remain unaffected by this attack are not hosted on budget providers, and they certainly don't have Doug from accounting performing a partial IT role. Some companies know this, and the others are forced to learn it once they have been hit or have wound up in the news. Unfortunately, we see companies learn the hard way, daily, and sometimes it's by leaking or losing your and my credit card, identity, and medical information. We see this in the media: companies being hacked and/or simply overlooking security. Target, Home Depot, Experian, Sony, Anthem, LastPass, and BitDefender, just to name a few. A key takeaway here is that a company should not begin the discussion with "How do we defend against DDoS attacks?" The better question is "How do we defend against all attacks, today and tomorrow?"

The internet security arena is similar to many others in that it's the good guys versus the bad guys. White hats versus black hats. The only problem here is that the white hats have previously been exclusive to Fortune 100 companies; hence, very few companies outside the Fortune 100 have access to any "good guys." (Quick throwback to an article I wrote last year: 68% of H1B visas in the US are afforded to IT personnel. The majority of those are given to information security talent.) For a company to sponsor an H1B visa, it must prove that the position cannot be filled domestically. If Fortune 100 companies haven't been able to satiate their hunger for cyber security talent for the last several years running, how will you?

At Augury IT, this talent is included under our managed IT service agreements. And this is just one of many points of disruptive differentiation we have in the market. Furthermore, you will be surprised at how inexpensive our services can be. How can we be inexpensive? Because you pay us to know, not to learn. We don't learn on your dime. We provide robust, reliable fixes and build solid, secure infrastructures. We implement unity and robustness by braiding your many threads of technology into a single, uniform rope. And we provide this service and talent on an unlimited, flat-fee basis to small and mid-sized companies. Also notable is that we maintain a 100% client retention rating. Instead of profiting from your problems, we invest in your company's success and well-being. Find out what you don't know and contact us today for a free network assessment, complete with technology health status and risk analysis.

Guess who's not having these issues today: Our clients.


Stephanie Hills Zapalac

AVP National Accounts Manager / National Hospitality Group

8 years

Outstanding information. I will be sharing & forwarding this out.

Rikka Brandon

Building Products Executive Recruiter | 600+ Sales & Leadership Placements | Creator of Hire Power Building Products, LBM - Lumber and Building Materials, Kitchen & Bath Industry Expert

8 years

Thank you for sharing, Garett Moreau - this was beautifully written to explain to laypeople what is happening.
