Share on Social Media:

THE DAY THE INTERNET DIED

Internet_outage_map_October_2016

Is It Impossible?

The event had long been predicted. Most of us scoffed at the alarms, though, thinking they were merely the paranoid mutterings of conspiracy theorists, or cynical self-promotion by merchants hoping to profit from mass  hysteria.

The internet couldn’t possibly fail. A few websites might be vulnerable to hacking and malware, but the backbone of the internet was decentralized, robust, and thoroughly secure. We could always count on it. The dreaded day of Electronic Apocalypse would never arrive.

The Fateful Day Arrives

On Friday, October 21, 2016, the alarmists were proven right. The first wave of attacks began early in the day: about 7:00 a.m. Eastern Standard Time. This was in the midst of “rush hour” for internet use in America, with tens of millions casually reading the news, tweeting, and reviewing their Facebook pages. Some of the most heavily trafficked web sites and internet services in the world were knocked offline, including Netflix, Reddit, Etsy, Twitter, Spotify, AirBnB, the New York Times, Sound Cloud, PayPal, and the PlayStation Network. By about 9:00 a.m. EST, the affected services were operating again. They had apparently succeeded in repelling the attacks.

The day was not over, though, and the hackers were not finished. A second wave of attacks began just before noon EST. Yet a third wave began just after 3:00 pm.

The internet outages were especially severe and prolonged on the U.S. East Coast, where most of the affected servers were located. Widespread severe outages also afflicted California, the Desert Southwest, the Pacific Northwest, some Gulf Coast states, and parts of Europe. Asia, Africa, and Latin America saw very few outages.

What Caused the Outages?

Friday’s attacks on the internet were distributed denial of service (DDoS) assaults of Dyn, an internet performance management firm that provides Domain Name System (DNS) services. Dyn described the raids as “a very sophisticated and complex attack”.

A DNS service is, in essence, an address book for the internet. Reading the web addresses we see on our browser tabs, the DNS service finds, and connects us with, the corresponding servers so we can receive the content we request.

A DDoS attack overloads a server with fake service requests, consuming its memory and bandwidth, so it has little to none left for legitimate requests. To the web surfer, it appears that requested pages are busy. The hackers prolong the outage with automatic repetition of their requests. Even innocent surfers can aggravate it by refreshing their requests from unresponsive pages.

The source of Friday’s attacks was a botnet (artificial intelligence application) called Mirai. The botnet army took control of, and then launched its attacks from, a host of lightly secured webcams, fitness monitors, location devices, DVRs, routers, and even baby monitors. The Internet of Things (IoT) is a critical point of vulnerability.

Could it Happen Again?

In the wake of Friday’s attack, many web analysts have said that we might see similar attacks disrupting the upcoming election. An Election Day internet failure, though, is unlikely to affect the presidential race much. Control of polling places and balloting is too decentralized. Internet failure could affect down-ballot races, though.

The threat of further internet outages won’t fade away soon. It could persist for months or years, even if the culprits in Friday’s attacks are caught and punished quickly. The source code for the Mirai botnet has been released to the public.

What Can You Do?

First, make sure you have a strongly-encrypted internet service, such as HughesNet. Change your passwords often for all connected devices, including webcams, DVRs, and fitness monitors. Be careful about sharing passwords or electronic devices. Every day, be careful when logging into your computer.

If you’re unsure, ask your internet service provider what it’s doing to thwart similar attacks. If there’s any good news in this episode, it’s that the FCC says providers have it in their power to prevent DDoS failures. They just need a few system upgrades. And now, of course, ISPs are aware of the need for tighter security. Friday’s outages were a loud wake-up call.

With vigilance, we can prevent the next great day of internet failure. It will require effort and close attention, but we can do it.

The enclosed map is by Level 3. It provides equipment and services for internet carriers.

For the best online security, you need a reliable connection. This is where we come in. Talk to us. We can help.

Share on Social Media:

BRAVE NEW (AD-BLOCKING) BROWSER

Do you hate internet ads? Are you fed up with autoplay videos that distract you, slow down your browser, and consume an inordinate share of your data allotment? Brandon Eich says he has a solution for you.

A few years ago, Eich was the CEO of Mozilla. He was hounded out of his job by a Twitter mob over a small donation to a political cause. He has not been idle since then, though, and now he is poised to compete with his old employer.

Eich and his partners have raised $4.5 million in seed money for an ad-blocking browser to be called Brave. Eich says it will begin operating in September.

Unlike other browsers, in which the ad-blocking function is handled by third-party supplements or extensions. Brave has it built in. Brave says that its desktop version will be 40% to 60% faster than the competition, and the version for mobile devices will be two to four times faster than comparable browsers. Both desktop and mobile versions will consume far less data, and will dramatically extend battery life. Brave will feature several privacy and security functions: malware filtering, phishing protection, script blocking, fingerprint shields, and support for data encryption via HTTPS Everywhere.

Earlier this year, Eich said that Brave will insert its own ads, but they will not inhibit performance. The ads will be placed “only in a few standard-size spaces” found by a cloud robot, and will target users “only by a highly re-identifiable cookie”. In other words, targeting will be anonymous. You won’t have to give up your personal information to advertisers, as you would when using most other browsers.

The Brave ad platform has not been universally popular. In April, more than a dozen U.S. news organizations, including the New York Times Company, Dow Jones (owner of the Wall Street Journal), and the Gannett Corporation (owner of USA Today) sent a letter to Eich, claiming that it is “blatantly illegal”. Eich says that Brave has discussed the program with top New York publishers since then, and he believes they will learn to accept it. “If there is a role for ads”, he says, “they have to be fewer and more effective.”

(To get the most out of your browser, you need a reliable internet connection. Talk to us. We can help.)