'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites

Originally published on October 24, 2016 2:37 pm
Copyright 2018 NPR. To see more, visit http://www.npr.org/.

SCOTT SIMON, HOST:

Disruptions rippled through the internet yesterday. Many people had trouble loading or properly using some of the most popular websites. NPR's tech blogger, Alina Selyukh, joins us. She's been following the story. She's in our studios.

Alina, thanks for being with us.

ALINA SELYUKH, BYLINE: Good morning.

SIMON: Catch us up on what's happened 'cause it's happened in literally waves.

SELYUKH: It did. There were several legs to this, and it all started about 24 hours ago, a little less than that. And we should say, to this point, we don't know who is behind this attack. But the company that was attacked is called Dyn. And you might have never heard of Dyn, but it is the kind of company...

SIMON: We sure have now.

SELYUKH: It now is in the news, and it is the kind of company that sits between you and a website that you're trying to access. When you type in a web address, it makes sure that you land exactly where you intended. And Dyn's clients are some of the most popular websites and services out there, and that's why when Dyn's servers were attacked - these attacks rolled through the entire day, lots of different locations - that's when you saw issues with Twitter, PayPal, Spotify, Netflix, even The New York Times and The Wall Street Journal.

SIMON: You say attack. I mean, we know it was an attack, not a disruption, not something else?

SELYUKH: Exactly. Dyn's servers were attacked in a major, complex hacking attack. And as a concept, the type of attack they experienced is really kind of familiar. It's called a distributed denial of service attack, and security experts see these kinds of attacks all the time. They happen when hackers take over, typically, a bunch of computers and infect them with malicious software and then use them to barrage a website or a web service with fake traffic until it caves under this overwhelming demand.

But this attack was different in two ways. First of all, this was a company that is not a website but a company that services a lot of websites. But also in this case, hackers didn't use computers. They had hijacked hundreds of thousands of internet-connected things.

SIMON: And a thing, in this context, is?

SELYUKH: It is anything that is connected to the web. Dyn says that attacks against their data centers originated from tens of millions IP addresses associated with various web-connected devices, so things like closed-circuit TV cameras, DVRs, routers. And that's pretty new kind of denial of service attack. We've all been buying these new things, connecting them to Wi-Fi. Internet wonks will call this the internet of things. And, you know, experts have been warning that these things are never secure. And, well, this is the most visible example so far of what happens when hackers hijack a tremendous number of them.

SIMON: Could this attack - could it have originated with a whole collection of gifted technologists or some guy sitting in his Jockey shorts in his studio apartment?

SELYUKH: Like I said, we don't know who was behind it. But it was a very complex staged attack that co-opted lots and lots of devices in people's homes. The specific complexity of this issue was that the devices were around the world. And Dyn says that the final incident was finally completed and resolved. As of last night, they had kicked the hackers out of all of their data servers. But of course, now there's this renewed urgency to talk about what happens when we connect all these things through the Wi-Fi without giving much thought to their security.

SIMON: And quickly, anything people can do to protect themselves?

SELYUKH: Super simple - and it's not going to surprise you - change your passwords. The malware that was linked to some of these attack devices had basically co-opted devices because they had really poor passwords on them.

SIMON: Alina Salyukh, thanks so much for being with us.

SELYUKH: Thank you. Transcript provided by NPR, Copyright NPR.