How hackers put the Internet offline

What happened yesterday to American websites is serious and has few precedents: it was in fact one of the biggest global attacks on the network.
A group of hackers unleashed a massive Distributed Denial of Service (DDoS) attack on the servers of the company Dyn, one of the main DNS hosts.
It is not yet clear exactly who carried out the attack and why, but it is still a sensational event that served as a demonstration of how easily the internet can be knocked out by very determined and capable people.
Large sites like Twitter, Spotify, Reddit, Etsy, Wired and PayPal, as well as most of the American online newspapers, were inaccessible for hours. Now that everything seems to be back in order, it is worth understanding how it was possible to put the internet offline the way they did, what DDoS means, and how attacking a single company can put a large part of the world wide web offline.
Quite simply, what happened can be understood by making an analogy.
Just imagine DNS as a phone book that associates names with phone numbers.
When we try to call "Claudio" on our mobile phone, the phone app associates the name Claudio with the number 324543534, which is difficult for us to remember by heart.
If, however, the address book no longer works, the telephone, when asked to call Claudio, would not know which number to call.
Likewise, without DNS, we would not be able to go to Google by writing www.google.it; we would have to remember a numeric address like 2a00:1450:4001:814::2003 (in IPv6), which would be impossible to remember.
On DNS servers that number is associated with the word google.it, and allows us to reach the Google site quickly and easily.
DNS is used to translate a request, such as a website's internet address, into an IP address.
Whenever you are browsing the web, opening dozens of tabs and requesting many websites, the computer opens a significant number of connections, looking all over the world to get the right information and provide what is requested.
Well, what happened was a cyber attack on a DNS management company, which keeps the directory of websites online and maintains the associations between site names and the corresponding IP addresses.
Dyn, which manages the DNS address book, was taken out of service, making thousands of websites inaccessible and apparently offline.
Hackers used a fairly mundane and simple type of attack, the one called DDoS or Distributed Denial of Service, which I had already talked about in the past.
As demonstrated in a video example of how a DDoS attack occurs, to send a website or a service like DNS offline, hackers can simulate a simultaneous connection to that site's server by millions or billions of computers.
To simulate all this traffic they can use zombie computers around the world (computers that are always on and connected to the internet, but not monitored by anyone).
It is as if a billion users suddenly came to Navigaweb.net to read the articles; the computer where the site resides would end up with a billion requests that it would not be able to satisfy, therefore going haywire.
If this connection attack is repeated, the site will remain offline until the DDoS attack stops or until the traffic can be diverted or the service duplicated.
You can see a real-time map of all the DDoS attacks that are registered in the world on this site
When Dyn's servers were hit by this DDoS attack, they went haywire and the DNS address book went offline.
Our browsers were no longer able to work out where to go to find the information to be loaded on the screen, and sites such as Twitter seemed to be offline.
The data of a big service like that of Twitter is clearly not hosted on a single computer.
Much of its data is duplicated and stored on servers in different regions so that users, both in New York and Rome, can access the site faster.
The hackers did not attack Twitter, which is a site capable of supporting even a billion users connected at the same time; it was much easier to attack the DNS service managed by the Dyn company.
During the attack, Twitter was, in reality, online and alive; to reach it, though, it was necessary to type into the browser the IP address of the server where it is hosted.
To date, DDoS attacks against some sites have always been fairly frequent, but generally only used to boycott some services such as credit cards or against national government sites.
This one against the DNS company, on the other hand, is a very worrying precedent, above all because it has highlighted a major vulnerability of the global internet.
In practice, it would be enough for an organized hacker group to attack all the companies that manage DNS (which are not many) at the same time to knock down the entire network and put everyone offline.
By targeting these companies, which power invisible but essential processes for the backbone of the Internet, hackers can take down all types of services without ever touching the target sites.
The challenge remains open, because while companies like Dyn are working to avoid any DDoS attack, it is equally certain that hackers will always find new ways to attack.
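The dependency described above can be checked from the defender's side: a site stays resolvable during an outage like Dyn's only if its nameservers are spread over more than one provider. The following is an added example, not part of the original article; the domains and nameserver names are constructed placeholders, and grouping nameservers by their last two labels is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample data: domain -> NS hostnames, as `dig NS <domain>` would
# list them. All names are placeholders under the reserved .example TLD.
SAMPLE_NS = {
    "shop.example": ["ns1.provider-a.example.", "ns2.provider-a.example.",
                     "ns3.provider-a.example."],
    "news.example": ["ns1.provider-a.example.", "NS7.Provider-B.example."],
    "blog.example": ["ns1.blog.example.", "ns2.blog.example."],
    "bank.example": ["ns1.provider-b.example.", "ns1.provider-c.example."],
}


def provider_of(ns_host):
    """Approximate the operator of a nameserver by its last two labels.

    Assumption: good enough for this sample; real data needs the Public
    Suffix List (e.g. for names under co.uk).
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def audit(ns_records):
    """Return {domain: sorted providers} for every domain in ns_records."""
    return {d: sorted({provider_of(h) for h in hosts})
            for d, hosts in ns_records.items()}


def single_provider_domains(ns_records):
    """Domains whose every nameserver belongs to one provider."""
    return sorted(d for d, p in audit(ns_records).items() if len(p) == 1)


def blast_radius(ns_records):
    """Map each provider to the domains that go dark if only it fails."""
    hit = defaultdict(list)
    for domain, providers in audit(ns_records).items():
        if len(providers) == 1:
            hit[providers[0]].append(domain)
    return {p: sorted(ds) for p, ds in hit.items()}


if __name__ == "__main__":
    for provider, domains in sorted(blast_radius(SAMPLE_NS).items()):
        print(f"{provider} down -> unresolvable: {', '.join(domains)}")
```

For real domains, fill the dictionary from the nameserver list that `dig NS` returns for each name.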
