Everything we know about Friday's DDoS attack that took down Twitter, Reddit and Spotify


On Friday, it seemed as if the world stopped spinning. For many, Twitter was down. Reddit was down. Spotify was down. CNN was down. The Guardian was down. Due to a distributed denial-of-service attack plaguing Dyn Managed DNS, a host of websites were temporarily unavailable. 

Dyn confirmed the DDoS attack in an incident report on Friday. It said that it "mainly impacted the U.S. east and is impacting managed DNS customers in this region," and added that services had "been restored to normal" about an hour later. 

Twitter down again: A second DDoS attack Friday at noon 

It wasn't over. A few minutes after noon on Friday, many sites were down again. Dyn confirmed a second DDoS attack. "Engineers are continuing to work on mitigating this issue," the site said.

Scott Hilton, executive vice president of products at Dyn, said in an email statement to Mic that this was a "global DDoS attack on our Managed DNS infrastructure in the east coast of the United States." He continued, "DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time."

Late afternoon Friday Dyn updated the incident report again. It said that "engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure." 

So who is behind the attack? 

The hackers still remain at large, but Carl Herberger, vice president of security solutions at Radware, told Mic in an email what the team was seeing in regards to the attack. 

This may have been a pointed attack on Twitter, Spotify, Reddit, etc. Herberger said that Radware believes the focus of the attack was on one or many of Dyn's customers, not Dyn itself. "We saw evidence that many service providers suffered disruptions, slowness or outages." 

Dyn told CNBC on Friday that while they still don't know who is behind the attack, the cyberattacks are "well planned and executed, coming from tens of millions of IP addresses at the same time."

How Dyn was so vulnerable to DDoS

He added that Radware "believe[s] that most companies suffering outage was collateral damage of single points of failure with their DNS services."

They are also unsure if this was related to the Internet of Things, like the attack on OVH and Brian Krebs, but that "this is a great possibility." 

Dyn confirmed to CNBC Friday afternoon that this is an IoT-related attack.

While Radware couldn't point to the scale of the attack, Herberger said it was "presumably large and complicated." 

Hilton said that Dyn has "been aggressively mitigating the DDoS attack against our infrastructure. Our first priority over the last couple hours has been our customers and restoring their performance." He said that services have been restored to normal and that they are now investigating the root cause of the attack.

"DNS companies are prone to these attacks," Herberger said. 

And Friday's cyberattacks on the east coast may be just the beginning. Stay tuned.

October 21, 2016, 4:44 p.m.: This story has been updated.