Actu
DDoS on Dyn Impacts Twitter, Spotify, Reddit - expert comment
October 2016 by Expert
It has emerged that a number of popular sites and services are down right now for many users, including Twitter, SoundCloud, Spotify and Shopify. The cause appears to be a sweeping outage of DNS provider Dyn, as a result of a DDOS attack, according to a post on Hacker News.
Other sites experiencing issues include Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they’re located, as some European and Asian users seem not to be encountering these issues.
Please see below for expert comments from Varonis and Comparitech.
Lee Munson, security researcher for Comparitech.com:
“O-M-G… Twitter is down.That’s what you may have heard many of your friends, family members and work colleagues saying today if they were based in the US and some other parts of the world.
“The reason being, online criminals have once again gone after a significant site with a DDoS attack.
“Not Twitter, or other popular and equally affected sites such as Spotify, Reddit, Github and SoundCloud though, but rather DNS provider Dyn.
“And that highlights a problem – any company running its own website may well have its own technology in place to mitigate DDoS attacks, but it’s all for nought if the DNS provider itself is not applying a sufficient enough level of protection to its own servers and data centres.”
David Gibson, VP of strategy and market development at Varonis;
"Like many of our aging technologies, DNS wasn’t built with security in mind. Unfortunately, DNS is a foundation technology for the internet that allows people to connect to internet resources with human names rather than IP addresses (think of them as internet phone numbers), and when its vulnerabilities are exploited attackers can do a lot of damage – computers don’t know which “phone number” to call when you want to connect to a particular site, like Hacker News. DNS is one of the aging technologies the industry is struggling to update, along with one-factor authentication (password-only security), unencrypted web connections – the list is very long, and the stakes have never been higher. Many people and organisations are affected by today’s attack and by the email and file (e.g. video) leaks over the past couple months."
