SAN FRANCISCO --- For millions of people on Friday, it felt as if someone had pulled the plug on the internet.
A series of malicious cyber attacks — known as distributed denial of service, or a DDoS attack — took down Dyn, an internet infrastructure company that, among other things, provides domain name services, online traffic management and email connectivity to hundreds of companies.
That meant that beginning around 7 a.m. EDT, Web traffic to companies that use Dyn to operate their sites came screeching to a stop.
The attack may turn out to be among the biggest in history, as mounting evidence pointed to similarities between Friday's attack and a record-setting assault last month that shut down the website of a security journalist using compromised devices from the Internet of Things.
Any number of devices — televisions, smart watches, alarm clocks, vacuum cleaners, children’s toys and anything else with an internet connection — are vulnerable to being infected and, without their owners’ knowledge, used in that kind of attack.
It was, security experts said, a reminder of how vulnerable the internet can be and supported fears that DDoS attacks may be growing stronger in their ability to shut down wide swaths of the internet with a single, targeted strike.
The FBI and U.S. Department of Homeland Security were monitoring the situation, White House spokesman Josh Earnest told reporters Friday. He said he had no information about who may be behind the disruption, and no one immediately came forward to claim responsibility or demand cash. Extortion is a common motivation for such attacks.
One thing security experts could say with certainty was that the assault on Dyn was no ordinary DDoS attack. It was much, much bigger.
“It's not unusual that Dyn was attacked — Dyn, and other DNS providers, are pretty common targets of attack. What’s unusual is that they were able to take Dyn down,” said Jeremiah Grossman, SentinelOne’s chief of security strategy. “That's actually quite difficult to do.”
Dyn and other DNS providers link the letters of a website’s URL — such as www.post-gazette.com — to its numerical IP address.
DDoS attacks launch large quantities of phony traffic, usually co-opted from hacked devices, at a company’s servers in order to overload the system and shut down its ability to respond to real users.
Friday’s attack, which was characterized as malicious by the White House, targeted New Hampshire-based Dyn and impacted internet users across the country.
The reach and economic impact of the shutdown was not immediately clear. Many companies have contingency plans in place to offset the damage done by such an outage.
But customers and small businesses that rely on websites like Twitter or Etsy to do business are the most affected. Unless the website or app they use can reroute its operations and get back online, there’s nothing a customer can do but wait.
“I am pulling my hair out trying to figure out what I am going to do because I lost an entire day of work,” said Taylor Nikolai, CEO of Viral Spark, which does social media consulting.
For some, Twitter was down nearly half the day.
The list of affected companies included some of the most frequented websites online: Amazon, Netflix, Twitter, Kayak, Spotify, Airbnb, Reddit, SoundCloud, Shopify, GitHub and Etsy.
And it stopped traffic to news outlets like the Boston Globe, CNN, Wired and The New York Times.
Dyn said the onslaught of junk traffic crippling its servers seemed to be coming from tens of millions of IP addresses from around the world.
Several security firms pointed out that the attack was reminiscent of a record-sized attack launched against cybersecurity journalist Brian Krebs’ website last month.
Friday’s first major assault lasted about two hours. A second attack began just before 9 a.m. and lasted about an hour. A third began in the early afternoon.
In the midst of the attack, Wikileaks’ official Twitter account sent out a message to its “supporters” calling for restraint. It was not immediately clear if, or how, Wikileaks or its supporters may have been involved in the attack. Wikileaks founder, Julian “Assange is still alive and WikiLeaks is still publishing,'” the tweet said. “We ask supporters to stop taking down the U.S. Internet. You proved your point.”'
Amazon, Zendesk and other companies rerouted their domain operations through different service providers to mitigate the damage from the attacks on Dyn.
While the first attack largely impacted internet users on the East Coast, subsequent assaults appeared wider-reaching, with people in California and other parts of the U.S. reporting connectivity issues, as well as some in parts of Europe and Asia, according to several outage-monitoring sites.
The Associated Press contributed to this report.
First Published October 21, 2016, 2:32pm