An attack takes down retailer, social media and other e-commerce sites
October 21, 2016 11:04 AM
Problems experienced by Internet users resurfaced midday Friday across the United States after starting in the morning and primarily affecting the Eastern U.S. The morning issues appeared to have eased after a couple of hours, with most sites back online after web-hosting services were invaded by hackers, but a new round of similar problems began about noon.
Dyn Inc., a significant Domain Name Server that facilitates the loading of web pages, said service was restored at 9:20 a.m. New York time after a DDoS, or distributed denial of service, attack that left people without access to Shopify Inc., Etsy Inc., Twitter Inc., Spotify, Reddit and The New York Times, among other sites. But about noon Eastern, a new attack was underway. "We have begun monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Our Engineers are continuing to work on mitigating this issue," Dyn posted on its status page. Shortly before 2 p.m., Dyn said it was continuing to investigate and mitigate several attacks.
Many sites, from Amazon.com Inc. to Pinterest to eBay Inc., experienced a spike in outages midday Friday, according DownDetector.com, a site based in the Netherlands that collects status reports and disruptions on websites.
At Shopify, the e-commerce software provider started experiencing problems at 7:47 a.m. Eastern on Friday. “We are aware of reports that some Shopify apps for all shops are experiencing problems. Our operations engineers are looking into it. Sorry for the inconvenience—we’ll have a solution for this soon!” At 9:15 a.m. it reported that a fix had been implemented and Shopify was monitoring results. At 10:07 a.m. the problem was resolved: “We’ve fixed the problem and all stores are functioning normally. Thanks for your patience!”
Shopify is No. 132 in the 2017 Leading Vendors to the Top 1000 and the e-commerce platform provider to 12 clients in the Top 1000, including Barstool Sports, No. 947 in the Internet Retailer 2016 Top 1000, Bourbon & Boots Inc. (No. 986) and Golfland Warehouse Inc. (No. 976).
Rod Ford, CEO of Bourbon & Boots, says he noticed problems Friday morning and again midday. The retailer’s web monitoring systems, which ping the site for connectivity, alerted him to the issue, as did a look at sales numbers, which were down by about a third in the morning, he says.
Bourbon & Boots reached out to customer using its email list, which has 400,000 subscribers, to explain that the site was having issues and it communicated with customers via private message on social media channels such as Instagram, Facebook and Twitter, Ford says. Some customers submitted orders via email when they couldn’t connect to the site, he says, and he’s trusting that others will return later.
“We contacted Shopify and have continued to be in touch,” he says. “You could argue that it’s the price you pay for using someone else for the [web-hosting] service, but this is my third e-commerce business that I started from scratch. When you have your own servers, you still have issues.”
At Etsy.com some users were unable to access the site Friday morning, which Etsy acknowledged at 7:45 a.m. Eastern. At 9:29 a.m., Etsy said, “We’ve temporarily disabled payments via Paypal through Etsy while we work with our providers to resolve this issue and will update with further information shortly.” At 9:53 a.m., Etsy posted, “All connectivity issues should now be resolved and Paypal payments have been reenabled. We’ll be keeping a close eye on things in case of further issues.”
In an Etsy community forum about technical “bugs,” an Etsy administrator wrote at 10:02 a.m., “The connectivity issues we experienced early this morning should now be fully resolved. We're keeping an eye out for any continued issues, so please let us know if you notice any changes. Thank you for your reports!”
Separately, Amazon Web Services said on its “service health dashboard” site that it has identified the root cause of the internet issues affecting users along the East Coast, without elaborating further, and is “currently working to resolve.” It wasn’t immediately clear if the web outages were related, or whether Amazon Web Services was also the victim of a hack.
In targeting the internet’s DNS, the attackers exploit the underlying technology that governs how the web functions, making the hack far more powerful and widespread.
The DNS translates website names into the Internet Protocol addresses that computers use to look up and access sites. But it has a design flaw: Sending a routine data request to a DNS server from one computer, the attacker can trick the system into sending a monster file of IP addresses back to the intended target. Multiply that by tens of thousands of computers under the hackers’ control, and the wall of data that flooded back was enormous.
Brian Krebs, the blogger behind KrebsonSecurity.com, wrote Friday that the size of "DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks."
The attack on Dyn comes just hours after Dyn researcher Doug Madory presented a talk on DDoS attacks in Dallas at a meeting of the North American Network Operators Group, Krebs wrote. "I have no data to indicate that the attack on Dyn is related to extortion, to Mirai or to any of the companies or individuals Madory referenced in his talk this week in Dallas. But Dyn is known for publishing detailed writeups on outages at other major Internet service providers. Here’s hoping the company does not deviate from that practice and soon publishes a postmortem on its own attack," he wrote.
Bloomberg News contributed.