Friday, October 21, 2016

"This Is Probably Why Half the Internet Shut Down Today [Update: It’s Happening Again]"

There was a reason we made such a noise about the IoT DDoS attacks three weeks ago:
Details Emerge On The Big Internet-of-Things Hack: This Is Just Sick
and:
Uh Oh: Internet Security Pro Hit By Botnet Made Of Internet-of-Things Connected Cameras
This is very bad.

From Gizmodo:
Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.

Update 12:28 PM EST: Dyn says it is investigating yet another attack, causing the same massive outages experienced this morning. Based on emails from Gizmodo readers, this new wave of attacks seems to be affecting the West Coast of the United States and Europe. It’s so far unclear how the two attacks are related, but the outages are very similar.

In order to understand how one DDoS attack could take out so many websites, you have to understand how Domain Name Servers (DNS) work. Basically, they act as the Internet’s phone book and facilitate your request to go to a certain webpage and make sure you are taken to the right place. If the DNS provider that handles requests for Twitter is down, well, good luck getting to Twitter. Some websites are coming back for some users, but it doesn’t look like the problem is fully resolved.

Dyn posted this update on its website: “Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.”

Here’s a list of websites that readers have told us they are having trouble accessing:

ActBlue
Basecamp
Big cartel
Box
Business Insider
CNN
Cleveland.com
Etsy
Github
Grubhub
Guardian.co.uk
HBO Now
Iheart.com (iHeartRadio)
Imgur
Intercom
Intercom.com
Okta
PayPal
People.com
Pinterest
Playstation Network
Recode
Reddit
Spotify
Squarespace Customer Sites
Starbucks rewards/gift cards
Storify.com
The Verge
Twilio
Twitter
Urbandictionary.com (lol)
Weebly
Wired.com
Wix Customer Sites
Yammer
Yelp
Zendesk.com
Zoho CRM
Credit Karma
Eventbrite
Netflix
NHL.com
Fox News
Disqus
Shopify
Soundcloud
Atom.io
Ancestry.com
ConstantContact
Indeed.com
New York Times
Weather.com
Mashable
WSJ.com
time.com
xbox.com
dailynews.com
Wikia
donorschoose.org
Wufoo.com
Genomebiology.com
BBC
Elder Scrolls Online
Eve Online
PagerDuty
Kayak
youneedabudget.com
Speed Test
Freshbooks
Braintree
Blue Host
Qualtrics
SBNation
Salsify.com
Zillow.com
nimbleschedule.com
...MORE

See also Gizmodo's "Today's Brutal DDoS Attack Is the Beginning of a Bleak Future"

On the other hand, and on another subject, different from the DNS servers, our little site is hosted on Google's servers which would probably register a 2 million bot DDoS attack as "Say, we've got a 5% blip in traffic" (the goog gets a lot of traffic) and which allows us to take a more sanguine view of things:

From Dilbert.com:

Elbonians Will Rue The Day - Dilbert by Scott Adams

See also: "Cloud Computing: One 'hiccup' and 'boom' - Amazon Web Services is 'gone'--Cisco President (AMZN)" and "Econophysics: Or Why, When it Comes to Economics, We All Behave like Particles"
Where synchronization is going to get very interesting is when some critical mass of businesses migrate to cloud computing, say Amazon's Amazon Web Service, and someone takes down AWS.
Unlike the good old days where a computer problem put one company at risk, you'll have dozens, hundreds or thousands of companies frozen, all their economic activity halted at the same time.
That's synchronization, baby!