World Association of Newspapers and News Publishers

Massive DDoS attack disrupted major internet services, including news media

World News Publishing Focus

World News Publishing Focus
Your Guide to the Changing Media Landscape

Massive DDoS attack disrupted major internet services, including news media

Among the impacted services were some of the biggest online services, such as Twitter, Netflix, Spotify, Airbnb and Reddit, the New York Times reported. Also many news media websites, such as those of Mashable, CNN, the New York Times, the Wall Street Journal, were unreachable during the attacks, according to the Guardian

The outage was caused by distributed denial-of-service (DDoS) attacks against Dyn, an internet infrastructure company. The attacks came in three waves, the company said in a statement, causing the its servers on the East Coast of the US to be unable to reach some of its clients’ websites. Dyn said the “sophisticated” attack involved 10s of millions of IP addresses, and that the company would be reporting more details about the attack after finishing a thorough analysis. 

DDoS attacks against individual websites are not new, and also news publishers have been targeted in the past. What made the attack against Dyn particularly damaging was that the company offers Domain Name System (DNS) services, “essentially acting as an address book for the internet”: taking out their servers can therefore cause outage for the entire internet for any user whose DNS requests pass through those servers, the Wired reported

The IT security reporter Brian Krebs published a thorough examination of the attack based on what is currently known. He pointed out that hacked “Internet of Things” (IoT) devices, such as web-connected cameras, DVRs and home routers, had been harnessed for the attack, and that there are “millions” insecure IoT devices out there, “ripe for being abused in these sorts of assaults”. The Dyn attackers used Mirai malware, which makes it easy for anyone to build a “botnet” that could be used for a DDoS attack.

According to the Washington Post, a hacker collective called New World Hackers claimed responsibility of the attacks against Dyn, presumably to highlight internet security vulnerabilities.

The expansion of IoT devices that have little or no security protection is proving to be a major cybersecurity headache, and regulators are waking up to the issue. The European Commission is reportedly drafting new cybersecurity requirements to improve IoT security, aiming to create some sort of a labelling and certification standard. Krebs, on the other hand, suggests creating an “industry security association” that would maintain standards that its members need to adhere.

The latest attack gives cause for concern that new attacks could be in the horizon, potentially causing even bigger damage. Some worry that the day of the US election could be an opportune time for such an attack.

UPDATE: Activist groups Anonymous and New World Friday have claimed credit for the attacks, saying it was retaliation for the cutting off internet access for Julian Assange by the Ecuadorian government. However, digital security researchers and US officials warn that there is little evidence to identify who was behind the attack, and both groups have falsley taken credit for cyberattacks in the past, Politico reported.

Meanwhile, Chinese company Hangzhou Xiongmai Technology Co Ltd announced it would recall some of its products that were used in the attacks, Reuters reported.


Teemu Henriksson's picture

Teemu Henriksson


2016-10-24 13:50

Author information

The news publishing industry is experiencing transformation at an ever-growing pace, with new policy issues arising as the landscape changes.

We will be examining policy discussions that will define the news publishing environment of the future, the key topics being internet governance, privacy and copyright. Click here to learn more about our work.

WAN-IFRA Media Policy team and experts.

© 2020 WAN-IFRA - World Association of News Publishers

Footer Navigation