Last Friday, a whole bunch of big-name websites, including Amazon, Twitter, Netflix, Etsy and Reddit, had service outages thanks to a huge attack on network provider Dyn. That company provides managed web traffic for quite a number of large companies. A series of Distributed Denial of Service (DDoS) attacks forced many of those sites to go dark for a period of time, some lasting into the weekend.
Some of the above may have sounded like gibberish, but it has become the reality in today's world of technology. For all the talk of Wikileaks and Russian hackers during the presidential election, very few people who don't work in a tech field understand what hacking is, how it works, why it is perpetrated and what, if anything, to do about it.
First, what happened to Dyn and its customers on Friday was not a hack. Hacks typically involve breaking into a computer system or network. DDoS attacks, on the other hand, are all about traffic. Not unlike freeway gridlock, DDoS attacks are the flooding of computer networks with traffic to such a degree that servers slow down dramatically or even grind to a halt.
To illustrate, imagine if, during your normal rush-hour commute, ten times as many drivers tried to enter the same freeway as you. Now, imagine 100 times or 1,000 times. The result would be gridlock and a complete traffic standstill. This is essentially what happened to Dyn.
Under normal circumstances, a company like Dyn and its customers have more than enough server power to handle all kinds of complex transactions. Take Amazon. Thousands upon thousands of people go on there every day, do searches, make purchases, leave comments and so on. The site can even handle the upticks that occur on Black Friday or its online cousin, Cyber Monday. But crank up the level exponentially, and even Amazon can't manage.
We Believe Local Journalism is Critical to the Life of a City
Engaging with our readers is essential to the mission of the Houston Press. Make a financial contribution or sign up for a newsletter, and help us keep telling Houston’s stories with no paywalls.
Support Our Journalism
Second, DDoS attacks aren't normally carried out by some dudes hopped up on Red Bull in a grimy basement lit only by the flickering monitors covered in lines of code. The simplest come from one Internet address (IP addresses in Internet parlance). More sophisticated attacks can come from thousands of individual IP addresses, or tens of millions, as was the case on Friday. This is done through software that exploits vulnerable computers and technology (including smart home devices, phones and the like), forcing them to aid in their dirty work.
The attack on Dyn was particularly sophisticated and may have even involved the use of webcams, ones that were, in fact, the subject of a recall because of security concerns.
Last, who cares? There has been some discussion among those not in the technology world that if you are forced to wait a little while to post an angry Trump comment on Reddit or reply to a tweet or buy a knitted beer cozy on Etsy, it's not that big of a deal. The problem is that this can be devastating for companies that earn a living from that very traffic we all take for granted. Spotify's losing millions of plays means musicians don't get paid for that loss. Shipping companies lose revenues from products that are never shipped. There is a ripple effect that can have devastating and even lasting impacts on commerce, especially given our increasing dependence on technology for goods and services.
And, unfortunately, with DDoS attacks, there isn't much that can be done. Companies can prepare for them, even try to mitigate the impacts, but if 10,000 cars tried to get onto a one-mile stretch of I-10 during an already crowded traffic jam, it's going to take a while to untangle that bottleneck. In the world of technology, the DDoS attack remains one of the most difficult to guard against and, as a result, the most effective for people wanting to wreak havoc on the Internet.