We don’t yet know who is behind today’s massive disruption of Internet services, but it’s pretty clear how they’re doing it. They’re using people’s unprotected routers, smart doorbells, smart thermostats, security cameras, and other “Internet of Things” devices as a zombie army.
I’ll give an explanation of what’s going on, but first, let me urge you to make sure that any network-connected devices you have in your business or home network are NOT still using the default, factory-original password, and that you’ve set good, smart passwords for everything. If you do that, it’s less likely your devices can be used as part of a “botnet” – a group of devices that have been compromised and are controlled by the attacker.
There are two main parts to what the attackers are doing. First, these hackers have used programs to rapidly scan through thousands upon thousands of Internet addresses to see if they can find a way into a private network, and into the devices on that network. If these automated hacking programs find networks and devices that aren’t properly protected, they plant their own malicious software on the devices, but leave the devices operating normally, so the users don’t know anything is wrong.
Second, once the devices are compromised, the hackers send instructions to the malicious software, telling it to send as many requests as it can to particular servers on the Internet, in order to flood those servers with more traffic than they can handle, effectively shutting them down. The term for this is a Distributed Denial-of-Service attack, or DDoS.
In today’s attack the servers being targeted aren’t websites, but DNS servers – Domain Name Servers. They’re essentially directories, matching the names of websites and other servers (like www.<insertnamehere>.com) to the numeric Internet addresses of the actual servers those sites live on.
Here’s an analogy: Imagine a receptionist in a large office building, who is frequently asked by people coming into the building for the office number of one of the building’s occupants. On a normal day, the receptionist gets a few questions an hour, and things go smoothly. Now imagine that for some reason, a hundred protesters crowd the lobby, all asking over and over for office numbers, just to be obnoxious. The poor guy can’t possibly answer everyone effectively, nor can he tell who is one of the protesters and who is legitimately trying to find a business in the building.
That’s not a perfect analogy, but you get the picture. You’re just trying to use Twitter, or stream some music from Spotify, or connect to the cloud-based system you use to run your business, but your computer’s request for the address of the Internet site gets lost in the crowd of bogus requests from the compromised devices, so it can’t make a connection.
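From the defender’s side, the simplest way to notice this kind of flood at a DNS server is to watch how many queries each client sends per minute. The following is an added example (not code from the original post) that reads a constructed query log in a hypothetical “timestamp client name” layout and flags clients whose rate goes above a threshold; real resolvers each have their own log format, so the parser would need adjusting.

```python
"""Flag DNS clients that query at a bot-like rate (added example, constructed data)."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, one line per query: "<ISO timestamp> <client IP> <name queried>".
# The layout is hypothetical; BIND, Unbound and dnsmasq each log differently.
SAMPLE_LOG = (
    ["2016-10-21T12:00:01 203.0.113.5 www.twitter.com",
     "2016-10-21T12:00:07 203.0.113.5 api.spotify.com",
     "2016-10-21T12:00:40 203.0.113.5 www.paypal.com"]
    # One device behaving like a compromised camera: the same name 120 times in a minute.
    + [f"2016-10-21T12:00:{i % 60:02d} 192.0.2.10 www.twitter.com" for i in range(120)]
)


def parse_line(line):
    """Split one log line into (timestamp, client, queried name)."""
    ts, client, name = line.split()
    return datetime.fromisoformat(ts), client, name


def queries_per_minute(lines):
    """Count queries in each (client, minute) bucket."""
    counts = Counter()
    for line in lines:
        ts, client, _name = parse_line(line)
        counts[(client, ts.replace(second=0, microsecond=0))] += 1
    return counts


def flag_flooders(lines, threshold=60):
    """Return {client: peak queries per minute} for clients above the threshold.

    The threshold of 60 is a constructed example value; tune it to the
    resolver's normal baseline so ordinary users are not flagged.
    """
    peaks = defaultdict(int)
    for (client, _minute), n in queries_per_minute(lines).items():
        peaks[client] = max(peaks[client], n)
    return {client: n for client, n in peaks.items() if n > threshold}


if __name__ == "__main__":
    for client, peak in flag_flooders(SAMPLE_LOG).items():
        print(f"{client}: peak {peak} queries/minute, check that device")
```

A client that trips the threshold is a device worth inspecting for default credentials or unexpected software, not proof of compromise on its own.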
The current cyberattacks are being investigated by the FBI and the Department of Homeland Security. I don’t expect they’ll say anything about the source of the attacks until they’ve taken some direct action about it. For now, the company that has been the primary target has taken steps to protect itself. However, it’s not likely that this is the last time we’ll see such a widespread disruption.
Update your passwords, folks! Don’t know how? Feel free to use the contact form here on my website to ask any questions you might have.
- “A massive cyberattack blocked your favorite websites; FBI and Homeland Security are investigating.” L.A. Times, 10/21/2016 – http://www.latimes.com/business/la-fi-tn-dyn-attack-20161021-snap-story.html
- “Cyber attacks disrupt PayPal, Twitter, other sites.” Reuters, 10/21/2016 – http://www.reuters.com/article/us-usa-cyber-idUSKCN12L1ME
- “Blame the Internet of Things for today’s web blackout.” Engadget, 10/21/2016 – https://www.engadget.com/2016/10/21/mirai-botnet-hacked-cameras-routers-internet-outage/