A recent cyberattack that took down large swaths of the internet around the world on Friday was carried out, in part, by unsuspecting devices connected to the internet.
Affected sites included Twitter, Etsy, GitHub, Vox, Spotify, Airbnb, Netflix and Reddit.
Security firm Flashpoint said it believes that digital video recorders and webcams in people’s homes were taken over by malware and then, without owners’ knowledge, used to help execute the massive cyberattack.
Dyn, which manages website domains and routes internet traffic, experienced two distributed denial of service attacks on its DNS servers. A DDoS attack is an attempt to flood a website with so much traffic that it impairs normal service.
“If you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we’re seeing today,” said Jeremiah Grossman, chief of security strategy at cybersecurity startup SentinelOne.
Hundreds of thousands of devices appear to have been infected with the malware.
The DDoS attack overwhelmed the servers of New Hampshire-based company Dyn and came in three waves on 10/21/2016, starting around 7 a.m. ET. Dyn says the attack has ended.
Initially, outages were primarily impacting those on the East Coast, but by midday Friday, people in Europe were reporting outages as well.
Dyn is part of the backbone of the internet. It works as a middleman to make sure that when you type in a URL like twitter.com, you get to the correct site.
As a result, throughout the day many users were unable to connect to popular platforms like Twitter, Netflix, Spotify and the Financial Times in various parts of the U.S. and Europe — mainly the American northeast and the U.K.
No one has claimed responsibility for the attack yet. A government official said the U.S. is “looking at all possible scenarios including possible cyber activity.”
On Friday afternoon, WikiLeaks posted a tweet asking its supporters to stop the DDoS attacks, although it was not immediately clear if they were behind them.
A senior government official told CNN that the DDoS attacks “mainly have resulted only in the slowing down of internet access to various websites on the East Coast.” The official believes these attacks were very crude attempts.
Software IT company Dynatrace monitors more than 150 websites, and found that 77 were impacted Friday. The disruption may have cost companies up to $110 million in revenue and sales, according to CEO John van Siclen.
The FBI said that it was “investigating all potential causes of the attack,” and the U.K.’s Home Office said it was looking into the matter.
So far, no one has pointed a finger at a particular group or nation. The methods used in Friday’s attack were very similar to those used in the attack carried out against the website of cyber researcher Brian Krebs last month, as well as against French internet service provider OVH, according to Flashpoint. It’s unknown if the attacks are related.
After the cyberattack against Krebs, the source code used to carry out the strike was released online. Since then other hackers have been using the malware to carry out their own attacks.
While DDoS attacks are nothing new, research shows they’re becoming increasingly sophisticated and frequent.
Friday’s cyber-blitz demonstrated just how vulnerable the internet’s infrastructure is to these types of bombardments.
Amazon Web Services was also experiencing connectivity issues on Friday around the same time as the Dyn attacks. AWS is used by more than 1 million companies, including GE, News Corp. and Capital One.
“These [DDoS attacks] take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” wrote security technologist Bruce Schneier in a blog post last month.