This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2016/10/22/business/internet-problems.html

The article has changed 12 times. There is an RSS feed of changes available.

Version 3 Version 4
No, It’s Not Just You. The Internet Is (Still) Having Problems. No, It’s Not Just You. The Internet Is (Still) Having Problems.
(35 minutes later)
Major websites were temporarily inaccessible to many users in the United States on Friday, after a major domain host reported two large distributed-denial-of-service attacks on its servers. SAN FRANCISCO Major websites were temporarily inaccessible to some East Coast users in the United States on Friday morning and early afternoon, after a company that serves as an internet switchboard said it was under attack.
Though the initial problems appeared to be resolved in just over two hours, they had resumed by the afternoon. Users reported problems reaching a range of websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud, The New York Times and others.
Users initially reported problems with Twitter, Netflix, Spotify, Reddit, Etsy, SoundCloud, The New York Times and others. Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts call a distributed denial-of-service attack just after 7 a.m. Friday. The company, based in Manchester, N.H., said it had fended off the assault by 9:30 a.m. But by 11:52 a.m., Dyn said it was again under attack.
Dyn, a domain name system host that monitors and reroutes internet traffic, said it began experiencing an attack just after 7 a.m. Friday that affected mostly users on the East Coast. Around 9:30 a.m., it said in a statement that service had been “restored to normal.” A distributed denial of service attack, or DDoS, occurs when hackers flood the servers that run a target’s site with internet traffic until it stumbles or collapses under the load. Such attacks are common, but there is evidence they are becoming more powerful, more sophisticated and increasingly aimed at core internet infrastructure providers.
Just after noon, however, Dyn announced that it was again experiencing an attack, and, once again, users of sites including Twitter and Spotify reported more problems. The new outage appeared to affect West Coast cities like Los Angeles, as well. Going after companies like Dyn can cause far more damage that aiming at a single website.
“Our engineers are continuing to work on mitigating this issue,” Dyn said in a statement on its site. Dyn is one of a number of outfits that host the Domain Name System, or DNS, which functions as a switchboard for the internet. The DNS translates user-friendly web addresses like fbi.gov into numerical addresses that allow computers to speak to one another. Without the DNS servers operated by internet service providers, the internet could not operate.
In this case, the attack was aimed at Dyn’s infrastructure that supports internet connections on the East Coast. While the attack did not affect the websites themselves, it blocked or slowed users trying to access those sites.
Kyle York, Dyn’s chief strategist, said in an interview Friday morning during a lull in the attacks, that the assaults on its servers were very complex.
“This was not your everyday DDos attack,” Mr. York said. “The nature and source of the attack is still under investigation. We will be updating our users as soon as we learn more.”
Mr. York said his company and others that host the core parts of the internet’s infrastructure have been a target for an increasingly complex number of more powerful DDoS attacks. Companies that host these services have said they have seen more sophistications variations of DDoS attacks that deploy multiple attack methods, making them increasingly difficult to defend against.
“The number and types of attacks, the duration of attacks and the complexity of these attacks are all on the rise,” Mr. York said.
In its most recent DDoS trends report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in DDoS attacks from April through June of this year, compared to the same period last year.
The attacks were not only more frequent, they were bigger and more sophisticated. The typical size of an attack had more than doubled. What’s more, the attackers were simultaneously using different methods into computer networks, making them harder to stop.
The most frequent target, by far, were businesses that provide internet infrastructure services like Dyn.
“DNS has often been neglected in terms of its security and availability,” Richard Meeus, the vice president of technology at NSFOCUS, a network security firm, wrote in an email. “It is treated as if it will always be there in the same way that water comes out of the tap.”
Just last month, Bruce Schneier, a security expert and blogger, wrote on the Lawfare blog that someone had been probing the defenses of companies that run critical pieces of the internet.
“These probes take the form of precisely calibrated attacks designed to determine exactly how well the companies can defend themselves, and what would be required to take them down,” Mr. Schneier wrote. “We don’t know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.”
It is still far too early to determine who was behind Friday’s attacks, but it is exactly this type of DDoS attack that has election officials concerned. They are worried that an attack could keep citizens from submitting votes.
Thirty-one states and the District of Columbia allow internet voting for overseas military and civilians. Alaska allows any Alaskan citizens to do so. Dr. Barbara Simons, the co-author of Broken Ballots and a member of the board of advisors to the Election Assistance Commission, the federal body that oversees voting technology standards, said she had been losing sleep over this exact situation.
“A DDoS attack could certainly impact these votes and make a big difference in swing states,” Dr. Simons said Friday. “This is a strong argument for why we should not allow voters to send their voted ballots over the internet.”
Earlier this month the Director of National Intelligence, James Clapper, and the Department of Homeland Security accused Russia of hacking the Democratic National Committee in an apparent effort to impact the presidential election. There has been intense speculation about whether President Obama has ordered the National Security Agency to conduct a retaliatory cyberattack and the potential backlash this might cause from Russia.
Vice President Joseph R. Biden Jr. said on the NBC News program “Meet the Press” this month that the United States was prepared to respond to Russia’s election attacks in kind. “We’re sending a message,” Mr. Biden said. “We have the capacity to do it.”
But technology providers in the United States could suffer blowback. As Dyn fell under recurring attacks Friday, Mr. York, the chief strategist, said such assaults were the reason so many companies are pushing at least parts of their infrastructure cloud computing networks, to decentralize their systems and make them harder to attack.
“It’s a total wild, wild west out there,” Mr. York said, as he guzzled his 12th cup of coffee for the morning.