At some point Friday morning, one of the U.S.'s critical internet infrastructure players was hit with a staggering distributed denial of service (DDoS) attack that took out huge swaths of the web. Sites like Twitter, Netflix, Spotify, Reddit, and many others — all clients of a domain registration service provider called Dyn — have suffered crippling interruptions and, in some cases, blanket outages.
Details are now emerging about the nature of the attack. It appears the cause is what's known as a Mirai-based IoT botnet, according to security journalist Brian Krebs, who cited cyber-threat intelligence firm Flashpoint. Dyn's chief strategy officer Kyle Owen, who spoke with reporters this afternoon, later confirmed Flashpoint's claim, revealing that traffic to its servers was clogged with malicious requests from tens of millions of IP addresses in what the company is calling a "very sophisticated and complex attack."