On October 21, 2016, three consecutive
distributed denial-of-service attacks were launched against the
Domain Name System (DNS) provider
Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America.[3][4] The groups
Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.[5]
The
US Department of Homeland Security started an investigation into the attacks, according to a
White House source.[30][31][32] No group of hackers claimed responsibility during or in the immediate aftermath of the attack.[33] Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks.[34]Barbara Simons, a member of the advisory board of the United States
Election Assistance Commission, said such attacks could affect
electronic voting for overseas military or civilians.[34]
Dyn disclosed that, according to business risk intelligence firm FlashPoint and
Akamai Technologies, the attack was a
botnet coordinated through numerous
Internet of Things-enabled (IoT) devices, including
cameras,
residential gateways, and
baby monitors, that had been infected with
Mirai malware. The attribution of the attack to the Mirai botnet had been previously reported by BackConnect Inc., another security firm.[35] Dyn stated that they were receiving malicious requests from tens of millions of
IP addresses.[6][36] Mirai is designed to
brute-force the security on an IoT device, allowing it to be controlled remotely.
Cybersecurity investigator
Brian Krebs noted that the source code for Mirai had been released onto the Internet in an
open-source manner some weeks prior, which made the investigation of the perpetrator more difficult.[37]
On 25 October 2016, US President Obama stated that the investigators still had no idea who carried out the cyberattack.[38]
On 13 December 2017, the Justice Department announced that three men (Paras Jha, 21, Josiah White, 20, and Dalton Norman, 21) had entered guilty pleas in cybercrime cases relating to the Mirai and clickfraud botnets.[39]
Perpetrators
In correspondence with the website Politico,
hacktivist groups SpainSquad,
Anonymous, and New World Hackers claimed responsibility for the attack in retaliation against
Ecuador's rescinding Internet access to
WikiLeaks founder
Julian Assange, at their
embassy in London, where he had been granted
asylum.[5] This claim has yet to be confirmed.[5] WikiLeaks alluded to the attack on
Twitter, tweeting "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point."[40] New World Hackers has claimed responsibility in the past for similar attacks targeting sites like
BBC and
ESPN.com.[41]
On October 26, FlashPoint stated that the attack was most likely done by
script kiddies.[42]
A November 17, 2016, a Forbes article reported that the attack was likely carried out by "an angry gamer".[43]
On December 9, 2020, one of the perpetrators pleaded guilty to taking part in the attack. The perpetrator's name was withheld due to his or her age.[44]