As dawn broke on the eastern seaboard of the U.S. on October 21, 2016, a wave of chatter spread online concerning some of the largest websites on the planet. The likes of Twitter, CNN, and Reddit were unreachable by millions of people. What at first appeared to be a random and chaotic situation was soon understood to be a calculated attack on Dyn, a company at the core of the world's Internet backbone.
The depth and breadth of the Internet today is staggering. From social media titans to portals into our most sensitive financial institutions, leading news organizations to local small business websites, almost everything on the Internet relies on a technology known as the “Domain Name System” (DNS) to function.
At its core, DNS acts like one massive phonebook for the Internet. It is a complex system that ensures Internet traffic gets to the correct destination. For example, if you tried to reach CNN’s website on Friday morning, your computer would look up www.cnn.com in the DNS “phonebook” to find CNN’s equivalent location, known as an IP address. This string of numbers is unique to CNN and is used to tell all traffic – no matter its global origin – where to look for the latest version of that website.
Overall, DNS is a great tool that keeps the information superhighway running efficiently all day, every day. But any unified global system comes with its own set of challenges. For DNS that means a massive reliance on a small number of upstream providers.
While there are many DNS companies around the world, many of them still aggregate traffic up to larger entities like Dyn. This makes the DNS backbone fairly centralized and vulnerable to a coordinated and sustained attack.
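To make the centralization risk concrete, here is an added example (not part of the original article) that audits a set of zones for dependence on a single DNS provider. The zone names, name server hostnames and the two-label heuristic for identifying a provider are all constructed assumptions; in practice the NS records would come from real lookups.

```python
from collections import defaultdict

# Constructed sample data: zone -> authoritative NS hostnames (not real lookups).
SAMPLE_NS = {
    "shop.example": ["ns1.provider-a.example.", "ns2.provider-a.example."],
    "news.example": ["ns1.provider-a.example.", "ns1.provider-b.example."],
    "blog.example": ["NS3.Provider-A.example", "ns4.provider-a.example."],
}


def provider_of(ns_host, labels=2):
    """Approximate the operator of a name server by the last `labels` labels
    of its hostname. Assumption: good enough for a first pass; names under
    multi-label suffixes need a Public Suffix List lookup instead."""
    parts = ns_host.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def audit(zones):
    """Return (zone -> sorted providers, provider -> zones relying on it alone)."""
    report = {}
    sole_dependents = defaultdict(list)
    for zone, ns_hosts in zones.items():
        providers = sorted({provider_of(h) for h in ns_hosts})
        report[zone] = providers
        # A zone whose name servers all sit with one provider goes dark
        # when that provider's DNS is overwhelmed.
        if len(providers) == 1:
            sole_dependents[providers[0]].append(zone)
    return report, dict(sole_dependents)


if __name__ == "__main__":
    report, sole = audit(SAMPLE_NS)
    for zone, providers in report.items():
        status = "SINGLE PROVIDER" if len(providers) == 1 else "diverse"
        print(f"{zone:14} {status:16} {', '.join(providers)}")
    for provider, zones in sole.items():
        print(f"outage at {provider} takes down: {', '.join(zones)}")
```

Zones flagged as single-provider are the ones that would have been unreachable in an outage like the one described here; adding name servers from a second, independent provider removes them from that list.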
Anatomy of a DDoS attack
So how do you go about attacking DNS and, by extension, the Internet at large? One way is to target the largest DNS providers and hope your attack has a cascading effect that brings down a host of sites.
The latest analysis on Friday’s attack on Dyn indicates that is precisely what an unknown hacker (or hackers) did. By mobilizing millions of machines around the world for a coordinated strike on Dyn, the attacker was able to overwhelm Dyn’s infrastructure and bring their DNS to a sudden halt.
Securing the Future
In the wake of an attack like the one on Friday, it’s natural to feel more than a little vulnerable. The Internet is a fragile technology and one that needs constant protection to keep safe and online.
In recent years industry experts have talked more frequently about ways to decentralize the core of DNS, a move that would better insulate end users against downtime during a DDoS attack. While the idea is sound, there are a number of challenges standing between us and a truly decentralized DNS.
For one, the so-called upstream companies that handle so much of the DNS routing today have a vested interest in protecting that business. Despite Friday’s outage, companies like Dyn are very good at what they do, and they want to continue to support as much DNS traffic as possible.
Second, moving from a centralized to a decentralized model of DNS would require massive infrastructure upgrades. Funding the construction and maintenance of new DNS infrastructure is no small task, particularly when several large companies already handle it today.
If anything, Friday’s outage should be a lesson to us all about how much further we have to go with Internet security. Stay safe!