On the morning of Oct. 21, many of the world’s most trafficked websites—including Twitter, Netflix, Reddit, PayPal, and Spotify—were unreachable for users on the East Coast of the U.S. due to a Distributed Denial of Service (DDoS) cyberattack on the domain name system (DNS) provider Dyn DNS. DDoS attacks are among the most common types of cyberattacks, but last week’s was one of the largest attempts ever.
A DDoS attack works much like overwhelming a waiter at a restaurant with orders. If many people flood a restaurant simultaneously, many will have to wait a long time before their order is taken. In cyberspace, a server can become so overloaded with connection requests that it denies all of them, and the websites can no longer be accessed. Servers are designed to handle a very large number of requests; therefore, an attack of this scale would have to be thoroughly organized and involve a large number of devices.
This kind of coordinated attack is usually done with the help of automated bots. Bots have many legitimate uses, but for cyberattacks, they are particularly powerful because they have the capacity to send out multiple connection requests at a time. Cyberattacks can become even more powerful when bots send these connection requests from many devices at once. Typically, bots are distributed by viruses that can function in the background of a running computer without the user even being aware of their presence.
Last Friday’s attack did not target the websites themselves; instead, it attacked the DNS. The DNS is what a computer uses to match a website name to an actual IP address—its precise location in cyberspace. Dyn DNS became overwhelmed with requests, impeding its ability to handle them. The Dyn DNS malfunction stopped users from connecting to the proper IP addresses even though the websites themselves were fully functional.
DDoS attacks are becoming more and more common and powerful, causing a great deal of concern for the future—given that there is ever-increasing reliance on online sources for everyday activities. Molly Sauter, a PhD candidate in communication studies at McGill with a focus on hacker culture, stated that protection from this type of attack is most important for Business-to-Business (B2B) connection websites. These sites pull together information scattered around the world into one spot, such as Twitter, SoundCloud, and many of the sites that were affected by last week’s attack.
Many sites—especially those with confidential or financial information—are equipped with safety features such as two-step login verification, asking the user to type in a special code or check off a box to prove that they are not a robot. Steps like these are being added more frequently to websites as an added security measure against cyberattack bots.
Sauter mentioned that the best—and possibly the only—way to control cyberattacks of this nature is to support politicians and political parties who promise to bolster internet regulation, as cyberattacks are currently illegal. Even with website safety features in place, it is impossible to completely control DDoS and other types of cyberattacks by technological means, meaning that political power over the internet will become increasingly important for the future. If illegal internet activity is not regulated by some governing body, then DDoS and other types of cyberattacks have the potential to become more frequent and powerful.