What is a DDoS and why was Twitter down all day?

B
Two-Factor Everything
3 min read · Oct 21, 2016

A big chunk of the internet was down today, which you probably noticed (unless someone printed this Medium post out for you). I just saw this hilarious image of Fox News anchors trying to explain what happened and figured that there might be a lot of confused people today — if you’re one of those people, I’m here to help!

Here’s the top line, jargon-filled explanation of what happened: someone used a DDoS attack to take down a popular DNS host called Dyn to shut down a lot of websites all at once. Now, let’s break that down.

What’s a DNS host?

DNS stands for Domain Name System, and it’s like the address book in your phone. When you want to call someone, you only need to remember their name, not their phone number. Well, websites (and every computer on the internet) have a phone number called an IP address, and a DNS host is where your computer looks up that phone number when you type the website’s name into your browser. Have you ever dropped your phone in the toilet and lost all of your phone numbers? That’s exactly what it’s like when a DNS host goes down: the websites are still there, but nobody can find their number.

In this case, the DNS host was a company called Dyn, and it was used by a bunch of big Internet companies, including Twitter.

Well how does a DDoS take a DNS host down?

DDoS stands for Distributed Denial of Service, and it basically means that someone has lots of computers (like, hundreds of thousands of them) all trying to access the same website at the same time to overwhelm it and shut it down.

You should think of a DDoS attack like sinking a ship by putting holes in it. The crew is ready to bail out a certain amount of water, so in order to sink the ship (take the website down) the attacker needs to be able to fill it faster than the crew can bail.

To take down a big, well-prepared website like a major DNS host, you need to put a lot of holes in the ship — which is why the Internet doesn’t go down every day.

Well who did this and how did they do it?

We’re still not sure who did this, and we might not ever know. Figuring out who carried out an attack (called threat attribution in the infosec world) is really hard. There are a lot of theories flying around, and at least one hacker group has already claimed responsibility, but it’s worth letting the dust settle before you take any of that at face value.

But while we don’t know who did it, we do know how they did it. Attacks of this scale are almost always carried out by botnets. A botnet is like a zombie army of computers — a virus spreads and silently infects huge numbers of computers. Then, when the attacker wants to do something, they activate the virus and order all of the infected computers to attack the same target at once.

I can’t live without Twitter! Is this going to keep happening?

Lately there have been several huge DDoS attacks which indicate that more attacks like this could keep happening. However, an attack of this size is really hard to pull off, and once it happens, we can build up defenses to keep the same person from doing the same thing again. Today was a wake-up call for internet companies that we’ve centralized a lot of the internet’s infrastructure and made it easier to knock down a lot of big companies at once.

If you have other questions about what happened today, tweet me at @iamb.

B is the CEO and co-founder at Clef. If two-factor authentication has been in your backlog for months, but still hasn’t gotten prioritized, check out Clef’s new product Instant2FA.com — it’s two-factor authentication that takes minutes to integrate instead of weeks.


usually thinking about what it’s like to be people on the internet — director of product at twitter — married to @ericajoy — he/him