How were Twitter, Netflix & Spotify Websites blocked?

Now that the dust has settled following the huge website cyber-attack on Friday 21st October, we can see how the changes in our use of technology is leading to the prospect of more attacks like this. Distributed Denial of Service (DDoS) attacks are more common than you may expect. You often only hear about the attacks when reported in the media, previous significant DDoS attacks have taken down the likes of Sony and Paypal, but they are very common.

A DDoS attack occurs when multiple (often millions) of computers are set to open a website url, the huge volume of traffic is too much for the web server to handle and it chokes, preventing the website from loading. Generally these attacks occur when peoples pc’s are compromised (an infected email is opened allowing a botnet to become present on the device, allowing a third party to remote control the device when connected to the internet), this attack was different, this time it was an attack driven through peripherals including webcams, routers and DVR’s. Also, often it is an individual website that is targeted by the hackers, this time it was a Domain Name Servers (DNS) provider called Dyn. Dyn handles the DNS for many popular websites including Twitter, Spotify and Netflix, all of which were unavailable whilst the attack was going on.

Our digital agency in Leeds hosts over 450 client websites and we have experienced issues in the past where clients have been caught up in DDoS attacks. The attack on Friday affected our clients that have Twitter feeds incorporated into their websites. Because the tweet pulls from a third party, the pages were loading slowly, because the page is not fully loaded until all of the data is present.

Client sites are hosted in London, we use a data centre with a 24/7 managed service, so we were notified that the attack was going on shortly after it started. In total there were 3 waves of attack from the devices, involving tens of millions of individual IP addresses. This was one of the biggest attacks ever to have succeeded but as we regularly monitor online activity, the frequency of these types of attacks is increasing, and now with device based attacks likely to increase, the scale of the attacks looks set to rise too.

The key things that a good website hosting service should have in place are resilience measures, meaning there is the ability to add additional hardware into the environment to cope with short term increased demand on the network, whilst the source of the issue is blocked. We also have upstream automatic DDoS detection measures in place with connectivity suppliers to ensure we have an early warning system for client notifications. Our 24/7 managed hosting service means that uptime and availability is continuously detected, so we know when there is an issue before our clients do. Your website hosting should be secure to prevent access to customer’s data, it is your responsibility under the data protection act to keep your website customers data secure.

It is also important that as owners of technology, we secure our devices by changing the factory passwords on routers, DVR’s, CCTV and other devices that connect to the internet. By protecting our own kit we are able to reduce the availability of devices that are out there and capable of being used in these types of attacks.

If you have experienced issues with website hacking or would like to discuss website security and hosting, we are more than happy to review current systems and provide expert advice.

Was this post helpful? Help others by sharing it