Internet Disrupted Across Canada, U.S. as Key Firm Gets Hit by Cyberattack

‘Collateral damage’ is being cited as the most likely cause for Canada’s involvement in the series of internet outages that swept across North America and parts of Europe Friday.
Cyberattacks on Dyn, a key internet firm, repeatedly disrupted the availability of popular websites across the United States Friday, according to analysts and company officials.
More than a dozen major websites experienced outages and other technical problems, according to user reports and the web-tracking site downdetector.com.
They included The New York Times, Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, EA, the Playstation network, and others.
Manchester, New Hampshire-based Dyn Inc. said its server infrastructure was hit by distributed denial-of-service (DDoS) attacks, which work by overwhelming targeted machines with junk data traffic.
Carmi Levy, a CTV Technology Analyst, described a DDoS attack similar to a pitchfork wielding mob showing up at your door, and only being disruptive enough to make sure you can’t leave or get anything done
“Nobody breaks in, nothing is stolen, no data is compromised, but for all intents and purposes your life is put on hold,” Levy said.
The level of disruption was difficult to gauge, but Dyn provides internet traffic management and optimization services to some of the biggest names on the web, including Twitter, Netflix and Visa. Critically, Dyn provides domain name services, which translate the human-readable addresses such as “twitter.com” into an online route for browsers and applications.
Steve Grobman, chief technology officer at Intel Security, compared an outage at a domain name services company to tearing up a map or turning off GPS before driving to the department store. “It doesn’t matter that the store is fully open or operational if you have no idea how to get there,” he said in a telephone interview.
Analysts say that the border-less nature of the internet means that you could be anywhere in the world and still experience issues trying to load up certain pages. With Dyn providing services to 6% of Fortune 500 company websites, the outages are widespread.
Levy says that while DDoS attacks on things like specific websites are common, an attack of this scale is relatively new.
“We’ve seen some speculation that this is a state-sponsored attack, or a state involved attack, and the only reason that is on the radar is because typically only a state would have the resources required to execute an attack like this in one fell swoop,” said Levy.
However, he added that it could also be the hacker group Anonymous, or a group of hackers pooling their resources together to co-ordinate the attack.
Dyn said in a series of statements that it first became aware of the attack around 7 a.m. local time and that services were restored about two hours later. A little more than two hours later, the company said it was working to mitigate another attack. A Dyn spokesman didn’t respond to questions seeking further information about the online onslaught.
Levy said that, with the size of this attack, he wouldn’t be surprised if there are residual effects throughout and past the weekend.
The U.S. Department of Homeland Security is monitoring the situation, White House spokesman Josh Earnest told reporters Friday. He said he had no information about who may be behind the disruption.
A DDoS attack can be a simple way to do a whole lot of damage, said Carmi
“You don’t have to steal a lot of data to cause damage,” he explained.
“By causing an entire swath of internet to go dark, you can essentially cause the wheels of the economy to grind to a halt, and that’s damaging in and of itself”
In a widely shared essay titled “Someone Is Learning How to Take Down the Internet,” respected security expert Bruce Schneier said last month that major internet infrastructure companies were seeing a series of worrying denial-of-service attacks.
“Someone is extensively testing the core defensive capabilities of the companies that provide critical internet services,” he said.
With Files from Canadian Press and Associated Press