Skip to Content

Massive Internet Outage Could Be a Sign of Things to Come

Hackers have shown how they could take down the Internet.
October 21, 2016

On Friday morning, large swaths of the U.S. experienced a major Internet outage—and it was the kind of large-scale takedown of which security expert Bruce Schneier recently foretold.

The outage, which appears to have mainly affected the U.S. and predominantly the East coast, began at around 7:10 a.m. ET on Friday. Among the sites that suffered were Twitter, Reddit, Spotify, the New York Times, and even our own. (Update: A second attack hit Dyn at 11:52 a.m. ET. It is working to resolve the issue.)

It appears to have been caused by a large distributed denial of service (DDoS) attack leveled at the servers of the domain name system (DNS) host Dyn. A DDoS attack typically overwhelms a server with data requests in order to prevent normal users from having their own queries answered. The DNS is a large database that, among other things, converts a simple domain name into a more complex IP address from which data can be retrieved. Taking down a DNS server means that a user’s browser can’t use it to resolve which IP address to fetch the files of a Web page from.

Dyn appears to have responded to the outage quickly, mitigating the attack and restoring the function of its DNS records in around two hours. But during that time many users found it impossible to load some pages and site traffic fell dramatically.

DDoS attacks are nothing new. But Schneier has pointed out that they could soon become increasingly problematic. “Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them,” he explained in a blog post. “These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated.”

In fact, Schneier pointed out last month that a new wave of attacks also seems to be more investigative than previous DDoS assaults. Many of the attacks appear to be testing servers rather than taking them offline, by gradually increasing barrages of requests at one part of the server to see what it can withstand, then moving on to another, and another. Schneier warned that “someone is learning how to take down the Internet.”

The Dyn attack was clearly more than a test, and its severity certainly fits with Schneier’s hypothesis that someone, somewhere is trying to learn how to cause widespread disruption. The question of who is behind attacks like this, though, remains unanswered. Criminals are unlikely to be motivated by such attacks, as there’s little to gain from them other than widespread disruption. That lends some weight to Schneier’s suggestion that a large nation state, such as China or Russia, could be developing large-scale DDoS capabilities. Though it’s impossible to say for sure.

The good news is that the DNS is by definition a distributed database: copies of the same information can be found across the Internet. That makes it fairly robust. But as the Dyn incident reveals, it still takes time for DNS hosts to recover from attacks. If hackers were to take down several servers at once, the effect could be even more pronounced—a threat that could yet be realized.

Keep Reading

Most Popular

How scientists traced a mysterious covid case back to six toilets

When wastewater surveillance turns into a hunt for a single infected individual, the ethics get tricky.

It’s time to retire the term “user”

The proliferation of AI means we need a new word.

The problem with plug-in hybrids? Their drivers.

Plug-in hybrids are often sold as a transition to EVs, but new data from Europe shows we’re still underestimating the emissions they produce.

Sam Altman says helpful agents are poised to become AI’s killer function

Open AI’s CEO says we won’t need new hardware or lots more training data to get there.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.