The 2016 Dyn cyber attack: What and how



Several popular websites such as Twitter and Tumblr were effected by this cyber attack


The world’s largest cyber attack was launched Oct. 21 against Dyn Incorporated, whose domain registration service was subject to two separate attacks, the first starting at 7:10 a.m. Eastern Standard Time, which ended two hours later, and the second attack starting at 11:50 a.m. Dyn was able to recover from the attack by 1 p.m., with the attack subsiding at 4:30 p.m. The domain registration service wing of Dyn, according to their official website, provides businesses the server space they need to handle traffic to their website and the websites themselves.

Businesses in a number of industries, such as The New York Times, the BBC, Business Insider, Comcast, DirecTV, Fox New, Twitter, Tumblr, Netflix, PayPal, Amazon, Spotify and many others, were affected by the attack. Dyn’s clients included the Swedish Civil Contingencies Agency of the Swedish government, which went dark during the attacks.

The attack performed was the common method known as a Distributed Denial of Service attack? also known as a DDoS, which is when a large amount of internet-connected devices simultaneously attempt to access a specific site at once, which overloads the website targeted. The attack was set up by creating a virus that planted the program in as many devices as possible, and that program simply laid there, dormant until the creator wanted to launch the attack.

The perpetrators most likely did not code the virus themselves, instead copying the code of the virus, dubbed ‘Mirai’ in this instance according to a report by the Guardian. Mirai’s entire code was shared publicly on Oct. 1 in a hacking forum. Those who simply copy released code to the public and employ it are tagged as “script kiddies,” aptly named because as a child copies an adult’s actions, a script kiddie copies the code of someone who spent the time to create it.

Many imagine megabytes, gigabytes, and terabytes as small, medium, and large; when someone unfamiliar with data conversions is told that the attack on Oct. 21 had an attack strength of 1.2 terabytes per second, it may not carry the weight behind it that it should. According to Techcrunch, 1.2 Tbps would be equal to 75 32GB iPhones being filled to capacity every two seconds. In total, this cyber attack would have filled 1,057,500 iPhones to capacity over the time of both attacks, clocking in at an approximate time of seven hours and 50 minutes.