The Dyn attack highlights the internet’s surprisingly vulnerable centralization

The Dyn attack highlights the internet's surprisingly vulnerable centralization

Last Friday, a coordinated attack of unknown origin brought down a broad swath of the web, cutting down sites from Github to Spotify to Twitter. Unlike thieves who steal data, this hack—known as a DDOS attack—just brings down websites by crippling the reference service called DNS. It’s like ripping up the phonebook.

In this case, someone was able to shut down a company called Dyn by capturing a massive number of computers and directing them at Dyn all at once. Here are the gory details.

Over the past year or so, someone with a lot of resources appears to have been probing the capabilities of major web sites. In strategically targeting Dyn, the attack highlighted the surprisingly vulnerable centralization that remains at the heart of web architecture.

Oct 24, 2016

More about this

Who really controls the web?

Edited by Hayden Higgins

Karlsruhe HBF. Credit: Pierre Metivier.

"To protect DNS, ICANN came up with a way of securing it without entrusting too much control to any one person. It selected seven people as key holders and gave each one an actual key to the internet." Every three months since 2010, cryptography officers participate in a secret key ceremony designed to keep the web secure.

Oct 24, 2016

"Each other connects to each other"

You might hear otherwise, but the Dyn attack had nothing to do with the United States "giving away the internet," as Republicans have suggested. ICANN declined to renew its contract with the Commerce Department, and will instead assume those responsibilities itself. A spokesman demurred poetically on the question of control, saying "It's human nature that everybody wants to find out who is in charge ... but that is not something you can do with the Internet. Each other connects to each other."

Four states suing the federal government to stop the ICANN handover dropped their suits Friday.

Oct 24, 2016

The dangers of botnets

From the Radiolab vault: "Darkode," an episode with the story of a man who helped build botnets before turning his back on hacking. A botnet called Mirai was instrumental in Friday's attack.

Oct 24, 2016

“Control” over the entirety of the internet is a concept based on a broken understanding of what the internet is and what it’s become since the first packet switches were installed in UCLA labs in 1969.

Ted Cruz is mad about the United States relinquishing control over the web, but the technically simple task of DNS obscures a "political kudzu" worthy of this longread on ICANN's genesis and future.
↩︎ Fusion

Oct 24, 2016

How Saudi Arabia was able to kill .gay, and other domain stories

ICANN's most politically contentious area of control is really cosmetic: it controls top-level domains, the postfixes on URLs. Because governments sit on its advisory committees, these domains are politically influenced. For example, Saudi Arabia was able to get .gay rejected.

Perhaps the general internet user should have an ombudsman on that council, too. Tech reporters are passing around a 2008 memo that suggests that controlling tendency might go too far at times, entertaining the possibility of allowing domains with the same names as common file types.

I briefly pondered a future where ICANN takes an active role in policing internet security

Extremely briefly https://t.co/v3FyithLPU
— sarah jeong (@sarahjeong) October 22, 2016

The evidence is strong that “user confusion” would indeed result from URLs that look like filenames. The only case like this in operation is .zip, and it’s the internet’s shadiest neighborhood.

Oct 24, 2016

More Headlines

A room wallpapered in (presumably unread) New Yorkers. Credit: lars_o_matic.

The Editors' Longreads Picks

115

More to see

A very stupid thing begins again. Credit: TMN.