Twitter, Spotify, Reddit, Soundcloud, PayPal and several other well-known sites have been briefly hit by web attacks.
The attack - which happened in stages - lasted several hours, and mostly affected users in the US and parts of Western Europe. Photo: 123RF
All the firms are customers of a company called Dyn, which they use to help users find their sites online.
In quick succession on Friday (Saturday NZT), Dyn was swamped by a series of attacks that made the sites of its customers temporarily hard to reach.
It was not clear who was behind the attack or why Dyn was hit. The FBI and US Department of Homeland Security said they were investigating.
Reddit, Twitter, Etsy, Github, Soundcloud, Spotify and many others were all reported as being hard to reach by users throughout the attack, which lasted several hours.
Access to sites such as the New York Times, Paypal, Pinterest and Tumblr, as well as some cable firms, was also reported as being intermittent.
The outages started in the eastern US and then spread to other parts of the country and Europe.
Change in web attack tactics
In a statement on its website, Dyn posted information about the incidents and said it had been subjected to Distributed Denial of Service (DDoS) attacks.
These attempt to overwhelm servers by bombarding them with huge amounts of data.
The first DDoS attack started early on Friday morning in the US and mostly affected the east of the country. The initial impact of the attack made some sites harder to reach as queries sent to locate them took longer to process.
PayPal said the web attacks prevented some customers in "certain regions" from making payments. It apologised for the inconvenience and said that its networks had not been hacked.
In a message posted to Twitter, and widely shared, Github said a "global event" was affecting Dyn, which had made its site hard to reach.
A global event is affecting an upstream DNS provider. GitHub services may be intermittently available at this time.
— GitHub Status (@githubstatus) October 21, 2016
Another attack started later that day, which Dyn said used the same tactics as the first. A similar list of Dyn customers became harder to visit as a result.
Soon after the second attack was reported, the Department of Homeland Security said it was looking into "all possible causes" of the attacks on Dyn.
Amazon's web services division, one of the world's biggest cloud computing companies, reported that the issue temporarily affected users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening (Saturday NZT).
The incidents mark a change in tactics as DDoS attacks are more typically aimed at a single site. Dyn acts as a directory service for huge numbers of firms, which helps customers keep global address books up to date with the location of their domains.
Dyn said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai.
Richard Meeus, from security company NSFocus, said the attack showed how critical domain directory services were to the running of the net and how that they had often been "neglected" security-wise.
"It is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on," he said.
- BBC / Reuters
