While the morning cyberattack crippled Websites mostly concentrated on the East Coast, it appeared to be a global issue with outages reported on the West Coast and in Europe by Friday afternoon. The White House described the disruption as malicious. However, no organisation or body has come forward taking responsibility for the attack and no source has been found.
Friday saw numerous web's largest website suffer outages, when a major internet infrastructure company was struck by a large-scale distributed denial of service (DDoS) attack coming from unlikely sources.
The level of disruption was hard to gauge globally, but Dyn provides internet traffic management and optimization services to some of the biggest names on the web, including Twitter, Netflix and Visa.
The outages were blamed on what's known as a denial of service - or DDoS - attack on Dyn, a company that converts domain names of websites into IP addresses, allowing people to access their favorite sites. The good news is, such as it is, is that you're not suffering alone.
Dyn posted on its website to confirm the attack, revealing that "this attack is mainly impacting US East and is impacting Managed DNS customers in this region". "We've been monitoring Dyn for years and this is by far the worst outage event that we've observed".
If you've been having trouble sending and receiving email, listening to music on Spotify, securing a reservation on Airbnb or venting your frustration and searching for answers on Reddit Friday [some sites of which are back online as of 3:37 p.m.], you are not alone.
Though such attacks are not uncommon, Friday's incident immediately unscored the interconnected vulnerabilities for large portions of the internet, with brand-name companies affected by an attack on a single company.
There is now no evidence that the attack was intended at attaining undisclosed information for any users, and was intended only to deny access to the Dyn managed sites. Many of these botnets have emerged in recent years and they are made available on the dark web to the highest bidder - often rented by the hour. Pacific time, Dyn again said it was experiencing such an attack. Please be patient. They, too, are working on a fix.
For a DNS to be DDoS attacked, you'll notice that trying to browse the web will be hard, because the one server that takes your "BLAHBLAH.COM" to find the matching numbers is no longer responding, thus you'll get a message saying something like "This site can't be reached".
The motive for the attack and those behind it are unclear.
However, some in the United Kingdom also reported issues accessing their Twitter and Spotify accounts. "China and Russian Federation would be my first guesses".
"These [DDoS attacks] take the form of precisely calibrated attacks created to determine exactly how well these companies can defend themselves, and what would be required to take them down", wrote security technologist Bruce Schneier in a blog post last month. "We will make one demand actually".
It is not known who is to blame for the cyber attack but the Department of Homeland Security - which is now observing National Cyber Security Awareness Month - is investigating the breach. Through a distributed and coordinated attack, hackers can often bring down a computer's system for hours or even days, making the service no longer viable for users.
Dyn says service has been restored to normal as of 9:20 a.m. EST. But then attackers shifted to offshore data centers, and the latest wave of problems continued until Friday evening Eastern time.
"It is a very smart attack".
Its chief strategist told the New York Times: "This is not your everyday DDoS attack".
The Department of Homeland Security was "monitoring the situation", White House Press Secretary Josh Earnest said, but he didn't give any other information about a US response to the attack. He said he had no information about who may be behind the disruption. Not this morning, because it appears a massive Distributed Denial of Service attack targeting DNS host Dyn has knocked a big chunk of the Internet offline.
"Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services", Schneier warned.
Story by AP w riters RAPHAEL SATTER and FRANK BAJAK. Bajak reported from Houston.