Cyberattacks on Twitter, Paypal, Spotify, others using Dyn

LizKat

macrumors 603
Original poster
Aug 5, 2004
5,320
29,798
Catskill Mountains
Dyn is a "little known internet infrastructure company"

The outages were intermittent, making it difficult to identify all the victims. But technology news site Gizmodo named some five dozen sites that were affected by the attack. They included CNN, HBO Now, Mashable, the New York Times, People.com, the Wall Street Journal and Yelp.

http://www.reuters.com/article/us-usa-cyber-idUSKCN12L1ME

Breaking news banner on Reuters also indicates a third wave of attacks is now being fended off.
 

bradl

macrumors 601
Jun 16, 2008
4,006
11,823
A decent list, courtesy of Gizmodo:
  • ActBlue
  • Basecamp
  • Big cartel
  • Box
  • Business Insider
  • CNN
  • Cleveland.com
  • Etsy
  • Github
  • Grubhub
  • Guardian.co.uk
  • HBO Now
  • Iheart.com (iHeartRadio)
  • Imgur
  • Intercom
  • Intercom.com
  • Okta
  • PayPal
  • People.com
  • Pinterest
  • Playstation Network
  • Recode
  • Reddit
  • Seamless
  • Spotify
  • Squarespace Customer Sites
  • Starbucks rewards/gift cards
  • Storify.com
  • The Verge
  • Twillo
  • Twitter
  • Urbandictionary.com (lol)
  • Weebly
  • Wired.com
  • Wix Customer Sites
  • Yammer
  • Yelp
  • Zendesk.com
  • Zoho CRM
  • Credit Karma
  • Eventbrite
  • Netflix
  • NHL.com
  • Fox News
  • Disqus
  • Shopify
  • Soundcloud
  • Atom.io
  • Ancersty.com
  • ConstantContact
  • Indeed.com
  • New York Times
  • Weather.com
  • WSJ.com
  • time.com
  • xbox.com
  • dailynews.com
  • Wikia
  • donorschoose.org
  • Wufoo.com
  • Genonebiology.com
  • BBC
  • Elder Scrolls Online
  • Eve Online
  • PagerDuty
  • Kayak
  • youneedabudget.com
  • Speed Test
  • Freshbooks
  • Braintree
  • Blue Host
  • Qualtrics
  • SBNation
  • Salsify.com
  • Zillow.com
  • nimbleschedule.com
  • Vox.com
  • Livestream.com
  • IndieGoGo
  • Fortune
  • CNBC.com
  • FT.com
  • Survey Monkey
  • Paragon Game
  • Runescape

BL.
 

zioxide

macrumors 603
Dec 11, 2006
5,725
3,711
Most people don't realize these things happen constantly. This is just a bigger scale than most.

This is why big sites like the ones listed should be using redundant DNS servers.
 

Videomanmac

Suspended
Apr 3, 2015
416
507
Most people don't realize these things happen constantly. This is just a bigger scale than most.

This is why big sites like the ones listed should be using redundant DNS servers.
Redundancy?! Backups?! What are those?

This is a very serious attack, and it will only get worse!
 

chown33

Moderator
Staff member
Aug 9, 2009
8,357
4,337
Gourd City
Additional info here:
http://arstechnica.com/security/2016/10/double-dip-internet-of-things-botnet-attack-felt-across-the-internet/

But this second wave of attacks appears to be affecting even more providers. According to Dan Drew, the chief security officer at Level 3 Communications, the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices.

Drew explained the attack in a Periscope briefing this afternoon. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack."

I'm also curious to see how today's following revelation plays out:
http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.
[Emphasis added]

The pervasiveness and the length of time it's been present means that most Linux-based devices, including routers and things like Raspberry Pi boards, will need patching. That process should keep DDoS's an exciting participatory sport for a while.
 

LizKat

macrumors 603
Original poster
Aug 5, 2004
5,320
29,798
Catskill Mountains
(on the list, unobtrusively) Cleveland.com
Someone's interested in the Series? They should wait until Cubs-Dodgers sorts out in the NLCS.

(this year I'm finally burning my hat if Cleveland doesn't win although it's hard not to favor the Cubs).
 

steve knight

macrumors 68030
Jan 28, 2009
2,596
6,958
Obama is the one who threatened a cyber war.
[doublepost=1477106924][/doublepost]This hit took down a few of our systems plus github which made working a pain in the ass today.
trump asked Russia to halt the us how soon they forget. so oboma is just dealing with the donald's traitorous actions.
 

A.Goldberg

macrumors 68020
Jan 31, 2015
2,325
7,638
Boston
Surely a Obama-Clinton dream team false flag capture the flag operation. :rolleyes:

I'm surprised no one has said this yet.
 

vrDrew

macrumors 65816
Jan 31, 2010
1,317
11,832
Midlife, Midwest
In this day and age, a DDos attack seems like a very crude cyberweapon to be using. Not that they don't present a serious nuisance to a great many businesses and organizations, but they don't really pose a threat to the national security of the US.

I think the serious concern is the fact that they used Internet-of-Things devices to deploy it. A bit of a wakeup call for anyone using such devices in their homes or offices or any other place where security may be lacking, and patches may be out of date.

It's hard to speculate who might be responsible for this sort of attack. Obviously a well-funded state actor is one possibility, but there are others.
 

thekev

macrumors 604
Aug 5, 2010
6,667
1,738
In this day and age, a DDos attack seems like a very crude cyberweapon to be using. Not that they don't present a serious nuisance to a great many businesses and organizations, but they don't really pose a threat to the national security of the US.
How so? There are obviously indirect vulnerabilities and more subtle vulnerabilities. A DDoS attack is simple and effective. The whole point is to overwhelm the infrastructure. Also quoting myself to look like an egomaniac

You don't bring a gun to a shovel fight.
 

vrDrew

macrumors 65816
Jan 31, 2010
1,317
11,832
Midlife, Midwest
Setting the dumpster behind a competitor's business on fire is "simple and effective." But it doesn't really help you achieve your financial goals.

And that's the thing. A DDos attack is a nuisance to the people and businesses of the United States. But it doesn't affect the critical core infrastructure of the nation. It doesn't touch our power grid; our air traffic control systems; it doesn't affect our military, intelligence, or Government's ability to access secure telecommunications. It doesn't affect our banking or financial system. It doesn't affect the ability of our healthcare system to provide service.

It's a nuisance. If it were robust enough, and persistent enough, it might very well negatively impact the quarterly earnings of Amazon and Google; Netflix and a lot of other companies. But it wouldn't put them out of business. And within a few weeks, they'd not only fix the problem, but put in place robust systems to make sure it was would be immeasurably more difficult to pull off again.