THE DAY THE INTERNET DIED
Is It Impossible?
The event had long been predicted. Most of us scoffed at the alarms, though, thinking they were merely the paranoid mutterings of conspiracy theorists, or cynical self-promotion by merchants hoping to profit from mass hysteria.
The internet couldn’t possibly fail. A few websites might be vulnerable to hacking and malware, but the backbone of the internet was decentralized, robust, and thoroughly secure. We could always count on it. The dreaded day of Electronic Apocalypse would never arrive.
The Fateful Day Arrives
On Friday, October 21, 2016, the alarmists were proven right. The first wave of attacks began early in the day: about 7:00 a.m. Eastern Standard Time. This was in the midst of “rush hour” for internet use in America, with tens of millions casually reading the news, tweeting, and reviewing their Facebook pages. Some of the most heavily trafficked web sites and internet services in the world were knocked offline, including Netflix, Reddit, Etsy, Twitter, Spotify, AirBnB, the New York Times, Sound Cloud, PayPal, and the PlayStation Network. By about 9:00 a.m. EST, the affected services were operating again. They had apparently succeeded in repelling the attacks.
The day was not over, though, and the hackers were not finished. A second wave of attacks began just before noon EST. Yet a third wave began just after 3:00 pm.
The internet outages were especially severe and prolonged on the U.S. East Coast, where most of the affected servers were located. Widespread severe outages also afflicted California, the Desert Southwest, the Pacific Northwest, some Gulf Coast states, and parts of Europe. Asia, Africa, and Latin America saw very few outages.
What Caused the Outages?
Friday’s attacks on the internet were distributed denial of service (DDoS) assaults of Dyn, an internet performance management firm that provides Domain Name System (DNS) services. Dyn described the raids as “a very sophisticated and complex attack”.
A DNS service is, in essence, an address book for the internet. Reading the web addresses we see on our browser tabs, the DNS service finds, and connects us with, the corresponding servers so we can receive the content we request.
A DDoS attack overloads a server with fake service requests, consuming its memory and bandwidth, so it has little to none left for legitimate requests. To the web surfer, it appears that requested pages are busy. The hackers prolong the outage with automatic repetition of their requests. Even innocent surfers can aggravate it by refreshing their requests from unresponsive pages.
The source of Friday’s attacks was a botnet (artificial intelligence application) called Mirai. The botnet army took control of, and then launched its attacks from, a host of lightly secured webcams, fitness monitors, location devices, DVRs, routers, and even baby monitors. The Internet of Things (IoT) is a critical point of vulnerability.
Could it Happen Again?
In the wake of Friday’s attack, many web analysts have said that we might see similar attacks disrupting the upcoming election. An Election Day internet failure, though, is unlikely to affect the presidential race much. Control of polling places and balloting is too decentralized. Internet failure could affect down-ballot races, though.
The threat of further internet outages won’t fade away soon. It could persist for months or years, even if the culprits in Friday’s attacks are caught and punished quickly. The source code for the Mirai botnet has been released to the public.
What Can You Do?
First, make sure you have a strongly-encrypted internet service, such as HughesNet. Change your passwords often for all connected devices, including webcams, DVRs, and fitness monitors. Be careful about sharing passwords or electronic devices. Every day, be careful when logging into your computer.
If you’re unsure, ask your internet service provider what it’s doing to thwart similar attacks. If there’s any good news in this episode, it’s that the FCC says providers have it in their power to prevent DDoS failures. They just need a few system upgrades. And now, of course, ISPs are aware of the need for tighter security. Friday’s outages were a loud wake-up call.
With vigilance, we can prevent the next great day of internet failure. It will require effort and close attention, but we can do it.
The enclosed map is by Level 3. It provides equipment and services for internet carriers.
For the best online security, you need a reliable connection. This is where we come in. Talk to us. We can help.