A cyber attack that downed popular internet sites including Twitter, Paypal, Netflix and Spotify – by targeting the service that allows users to connect to them – has been resolved, US-based DNS provider Dyn says, after hours of outages that spread around the world.
The wave of several distributed denial of service (DDoS) attacks on Dyn began at 1110 GMT on Friday (8pm AEDT on Thursday). While the outages initially affected only the eastern United States, later users in Europe and Asia reported problems connecting to dozens of major websites.
In a DDoS attack, systems are intentionally flooded with data to slow or stop legitimate users from accessing them.
Dyn said it had not received any communication from the attackers and did not know who was responsible, CNBC reported. A senior US intelligence official told US broadcaster NBC that authorities do not believe the attack was state sponsored, instead identifying it as a case of “internet vandalism”.
Dyn told CNBC that Friday’s attacks were “well planned and executed, coming from tens of millions of IP addresses at the same time”.
The attacks were carried out partly through the “internet of things” – physical devices like printers and appliances connected to the internet. The hijacked devices had been infected with malware, Dyn said, according to the report.
Dyn’s services are part of the infrastructure of the internet, directing users to its client websites.
Members of a shadowy hacker collective that calls itself New World Hackers claimed responsibility for the attack via Twitter.
They said they organised networks of connected “zombie” computers that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.
“We didn’t do this to attract federal agents, only test power,” two collective members who identified themselves as “Prophet” and “Zain” told an Associated Press reporter via Twitter direct message exchange. They said more than 10 member participated in the attack. It was not immediately possible to verify the claim.
The collective, named NewWorldHacking on Twitter, has in the past claimed responsibility for similar attacks against sites including ESPNFantasySports.com in September and the BBC on December 31. The attack on the BBC marshalled half the computing power of Friday’s onslaught.
Outages monitor downdetector.com on Saturday showed service back to normal on dozens of affected websites.