Stories
Slash Boxes
Comments

SoylentNews is people

Breaking News
posted by takyon on Friday October 21 2016, @08:26PM   Printer-friendly
from the breaking-the-net dept.

I just tried to access my Paypal account, and apparently it is down.

Companies including Twitter, Netflix, PayPal and eBay appeared to have their websites broken. And other services like PlayStation Network appeared to be hit by a major outage:

http://www.independent.co.uk/life-style/gadgets-and-tech/news/netflix-twitter-internet-down-not-working-broken-paypal-ebay-facebook-instagram-a7374506.html

Update: Internet service appears to stablize after waves of cyber attacks


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Nerdfest on Friday October 21 2016, @08:31PM

    by Nerdfest (80) on Friday October 21 2016, @08:31PM (#417405)

    There have been two waves of DDOS attacks so far. The Level3 heatmap of the affected areas look pretty interesting; it's very US focused.

    • (Score: 2) by Geotti on Friday October 21 2016, @08:37PM

      by Geotti (1146) on Friday October 21 2016, @08:37PM (#417408) Journal

      I bet "strong evidence" will point to Russia again...

      • (Score: 3, Insightful) by forkazoo on Friday October 21 2016, @09:49PM

        by forkazoo (2561) on Friday October 21 2016, @09:49PM (#417439)

        It's certainly not impossible that Russia is involved (or at least will be blamed), and the timing right after the US was preparing a proportional response is interesting. That said, what's Russia's motive to attack US DNS for some sites? I don't think anybody has really sorted out the true target, so it's hard to really talk about apparent motive yet. It'll be a bit different if it was a protection racket against Dyn rather than for example using Dyn as an attack vector against Pay Pal.

      • (Score: 1, Troll) by Gaaark on Friday October 21 2016, @10:49PM

        by Gaaark (41) on Friday October 21 2016, @10:49PM (#417454) Journal

        "Let's blame it on the: RussianChineseNorthKoreansWhoEverTheAmericans/HillaryWantToPinItOnMaybeEvenTheDonaldSittingFatlyOnHisCouchWhileEvillyStrokingSomePussySomewhereYeahProbablyLetsBlameItOnTheDonaldAndHisPussy"

        (Hillary in talks with the FBI/NSA about who to blame (and then immediately forgets the conversation EVAH happened).)

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 3, Insightful) by Ethanol-fueled on Friday October 21 2016, @11:29PM

          by Ethanol-fueled (2792) on Friday October 21 2016, @11:29PM (#417460) Homepage

          Snowden warned about that exact same thing a year or two ago, that the NSA's power could be used to impersonate a foreign power (aka false-flag attack) and lead to war.

          Russia knows that the people are pissed off at their government and other elites, so it wouldn't try to go after services which hurt the people themselves. The whole embarrassment of Hillary thing or Snowden being a Russian operation is plausible, but attacking civilian internet infrastructure is not -- Russia wants the American people to know what's going on in the world. The American government are the ones who want to keep their own people in the dark, especially ever since they lost the war of public opinion during the Vietnam War era. The powers that be, in allowing the common man internet access, overestimated the internet as a means of control and underestimated the internet as a means of awakening.

          Snowden, patriot or spy, warned that the NSA infrastructure was a "turnkey surveillance state." What you just witnessed was the final test of its effectiveness.

          • (Score: 1, Troll) by gnuman on Saturday October 22 2016, @12:58AM

            by gnuman (5013) on Saturday October 22 2016, @12:58AM (#417482)

            people are pissed off at their government and other elites

            Except there is no elites. It's just another name for scapegoats because it is not so good to pick on blacks, Jews, disabled, or gay these days. So whoever invented "elites" just taps into the same bullshit.

            Being pissed off and throwing revolutions has worked out very well in other parts of the world. Just see Libya and Syria as prime examples. Only peaceful transitions of power and fuckton of hard work have ever managed to improve things for the regular Joe. But these also requires these Joes to actually *think* about policies they stand behind instead of just "being pissed" and go along with whoever has "answers that feel right".

            Who I really blame for this bullshit are the politicians. They make people pissed on purpose to gain votes. People are too stupid to see through this so they are led along like cows by their noses.

            • (Score: -1, Troll) by Ethanol-fueled on Saturday October 22 2016, @01:09AM

              by Ethanol-fueled (2792) on Saturday October 22 2016, @01:09AM (#417485) Homepage

              So instead of the word "elites," I will use the word, "Jews."

              Not only literally, in the case of the treacherous buddies from Israel wanting to forcefully draw America into war with Iran and exploit as usual America for its own gain; but figuratively, as in, all of the Gentiles in congress and the media who are greedy for money and accept bribes from Israel (paid by the Americans' own tax dollars) in exchange for loyalty to a nation not their own.

              Larry Wall himself couldn't have stated it more simply and eloquently: s/elites/Jews/g

            • (Score: 1, Insightful) by Anonymous Coward on Saturday October 22 2016, @04:14AM

              by Anonymous Coward on Saturday October 22 2016, @04:14AM (#417521)

              Except there is no elites. It's just another name for scapegoats because it is not so good to pick on blacks, Jews, disabled, or gay these days. So whoever invented "elites" just taps into the same bullshit.

              Sorry, what? It isn't just word substitution. Its about who has power. Jews, gays and the disabled never had power. Elites, by definition, have power. They don't have unlimited power, and they are not a monolithic group. But, by and large, their voices matter a whole lot more than everybody else's. Its less like one man one vote and more like one dollar one vote.

          • (Score: 3, Insightful) by stormwyrm on Saturday October 22 2016, @08:04AM

            by stormwyrm (717) on Saturday October 22 2016, @08:04AM (#417550) Journal

            Snowden, patriot or spy, warned that the NSA infrastructure was a "turnkey surveillance state." What you just witnessed was the final test of its effectiveness.

            Senator Frank Church said pretty much the same thing back in 1975: https://www.youtube.com/watch?v=8YipDR383hY [youtube.com] That's where Glenn Greenwald got the title of his book by the way. Looks like all Senator Church's worst fears are now coming to pass.

            --
            Numquam ponenda est pluralitas sine necessitate.
      • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @04:05AM

        by Anonymous Coward on Saturday October 22 2016, @04:05AM (#417518)

        > I bet "strong evidence" will point to Russia again...

        Wikileaks thinks it was their fans.

        http://www.smh.com.au/technology/technology-news/wikileaks-points-to-its-supporters-for-massive-ddos-cyber-attack-20161021-gs881u.html [smh.com.au]

      • (Score: 2) by Thexalon on Saturday October 22 2016, @12:14PM

        by Thexalon (636) on Saturday October 22 2016, @12:14PM (#417561)

        It's pretty clear that the "national security" state want a shooting war with Russia at this point. They've already made darn sure that the likely winner of the presidential election, who is already of a hawkish disposition when it comes to foreign policy, will loathe Putin with a passion upon taking office. And American Pravda, also known as the New York Times, is already running articles on their supposedly unprecedented sneaky tactics [nytimes.com] (never mind that the US military and CIA has done every single thing mentioned in the article for decades) that I'm sure are designed to get Americans thinking about the risks to all of our precious bodily fluids.

        So yes, I'm sure the classified briefing that can't be independently verified by anybody will contain "proof" that those nasty Russians are behind it. And the same person who bought into the very obviously faked information that the Iraqis had WMDs and were going to pass them to Osama bin Laden (who Saddam Hussein always hated, the idea that they were allied was ludicrous) will accept this "proof" hook, line, and sinker.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @01:10PM

          by Anonymous Coward on Saturday October 22 2016, @01:10PM (#417565)

          > who is already of a hawkish disposition when it comes to foreign policy, will loathe Putin with a passion upon taking office

          Sorry, I don't buy that. Clinton and Putin were pretty much at odds since she was secretary of state. She may be a lot of things, but a naife easily led by emotion is not it.

          > It's pretty clear that the "national security" state want a shooting war with Russia at this point.

          Nah. Shooting war doesn't do much for the intelligence agencies. But a hacking war would. And whether it was with russia or some other group it doesn't really matter, they get full employment either way. I am watching the latest reporting on CBS right now and one of their MILF types said something about russia, but they immediately followed it up with the fact that the US isn't even blaming it on a state and then a talking head was interviewed for many minutes talking about friends-of-wikileaks, grey-hats and a whole bunch of other possibilities.

          Its easy to be cynical and see what you expect to see, but so far blaming it on russia isn't getting much traction.

  • (Score: 2) by ikanreed on Friday October 21 2016, @08:35PM

    by ikanreed (3164) Subscriber Badge on Friday October 21 2016, @08:35PM (#417406) Journal

    I mean these things are on very broad based CDNs so they can be down in some places and not others, but I'm seeing no signs of a successful denial of service to the listed sites.

    • (Score: 2) by edIII on Friday October 21 2016, @08:40PM

      by edIII (791) on Friday October 21 2016, @08:40PM (#417409)

      Can confirm.

      I have no issues accessing Netflix from Northern California, and no issues accessing any of the other sites from Northern Europe with the exception of PayPal. I wouldn't visit them for any reason since they're a fucking criminal banking organization that steals money from people in apparent civil disputes that never seem to become criminal even though that is exactly what would happen to a real bank.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 3, Informative) by physicsmajor on Friday October 21 2016, @08:41PM

      by physicsmajor (1471) on Friday October 21 2016, @08:41PM (#417411)

      It's upstream, at the DNS level. Appears to be directed at the company Dyn, which has a heck of a lot of high profile clients. There have been at least two attacks so far.

    • (Score: 2) by forkazoo on Friday October 21 2016, @09:45PM

      by forkazoo (2561) on Friday October 21 2016, @09:45PM (#417435)

      Because of the distributed nature of a lot of this infrastructure, not everybody will see them as down, and very few will see all of them as down at the same time, but it's definitely happening and definitely large. Because it touches so many independent sites, this may well be the largest such attack to date.

  • (Score: 5, Insightful) by julian on Friday October 21 2016, @08:40PM

    by julian (6003) Subscriber Badge on Friday October 21 2016, @08:40PM (#417410)

    Thanks, Internet of Things!

    Sure, the largest websites and services getting periodically shut down is bad but isn't it worth it so we can have cheap mass produced surveillance cameras and lightbulbs that can be controlled from anywhere on your smart phone?

    Do you have any idea how much proper security would cost? It could drive unit price up several dollars! That's our whole profit margin!

    • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @03:59AM

      by Anonymous Coward on Saturday October 22 2016, @03:59AM (#417516)

      > Do you have any idea how much proper security would cost?

      Infinite dollars.

      I am not kidding. It is the same old problem with internet security - the attackers only have to succeed once, the defenders have to succeed every time.

      This particular IoT based attack is just the low hanging fruit because the vendors were super lazy. So they tighten things up, all that does is raise the cost to crack. The value of a botnet of IoT devices is enormous. So cracks will eventually be discovered. The most well funded crackers will develop exploits the fastest. But as time passes even the lone kid in his mother's basement will figure out an exploit, if for no other reason than vendors eventually go bankrupt but their IoT products will continue to live on the net and thus will stop receiving security patches. Look at this 12-year old sshd exploit [thehackernews.com] that 2 million IoT devices are vulnerable too. 12 years old.

      I think the only way we have a chance of controlling IoT exploits is to route all of their traffic through a monitoring system. Instead of talking directly to the internet, their internet access is through a managed VPN that actively watches for and blocks exploits. So even obsolete devices would still be actively protected by a system that is up to date. Having visibility into millions of devices will make it easier to detect unusual patterns so even zero-day exploits won't last very long once they get significant usage.

      • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @06:06AM

        by Anonymous Coward on Saturday October 22 2016, @06:06AM (#417534)

        https://soylentnews.org/article.pl?sid=16/10/21/0544236 [soylentnews.org]

        There will be no 'tightening up'. There will be no special firewalls or VPNs. It is going to get wildly worse. For a few we will figure it out and it 'wont happen to us' but everyone else will not really give a fuck.

  • (Score: 1, Informative) by Anonymous Coward on Friday October 21 2016, @08:47PM

    by Anonymous Coward on Friday October 21 2016, @08:47PM (#417414)

    And nothing of value was lost.

    • (Score: 2) by Celestial on Friday October 21 2016, @09:21PM

      by Celestial (4891) on Friday October 21 2016, @09:21PM (#417428) Journal

      Spotify was hit as well, but that was about the only thing I'd consider of value.

  • (Score: 4, Funny) by Username on Friday October 21 2016, @09:10PM

    by Username (4557) on Friday October 21 2016, @09:10PM (#417423)

    Hitting liberals where it really hurts, twitter and netflix.

    • (Score: 2) by PinkyGigglebrain on Friday October 21 2016, @11:59PM

      by PinkyGigglebrain (4458) on Friday October 21 2016, @11:59PM (#417470)

      Russians?

      Given that the US elections are in just over 2 weeks did anyone else think this might be a "false flag" operation?

      Whats that old saying? Never let a good crisis go to waste?

      Any bets on how the candidates and media are going to play this up?

      --
      "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
      • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @04:10AM

        by Anonymous Coward on Saturday October 22 2016, @04:10AM (#417520)

        > Whats that old saying? Never let a good crisis go to waste?

        Can we put that one to bed already?

        You never want a serious crisis to go to waste. And what I mean by that is an opportunity to do things that you think you could not do before. I think America as a whole in 1973 and 1974, and not just my view but obviously the administration's, missed the opportunity to deal with the energy crisis that was before us. For a long time our entire energy policy came down to cheap oil. This is an opportunity, what used to be long-term problems, be they in the health care area, energy area, education area, fiscal area, tax area, regulatory reform area, things that we have postponed for too long, that were long-term, are now immediate and must be dealt with. This crisis provides the opportunity, for us, as I would say, the opportunity to do things that you could not do before. The good news, I suppose, if you want to see a silver lining, is the problems are big enough that they lend themselves to ideas from both parties for the solution.
        — Rahm Emmanuel, 2008

        http://www.factcheck.org/2011/01/bum-rap-for-rahm/ [factcheck.org]

        • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @04:52PM

          by Anonymous Coward on Saturday October 22 2016, @04:52PM (#417602)

          are you seriously putting up a defense of rahm emmanuel, the fucking criminal and Israeli spy that wanted to mandate a US civilian brown shirt army? This whole capitalizing on a crisis thing is a theme with these elitist controller types. just because he tried to wrap it in an less creepy, non false flagish way doesn't mean shit. His buddies are still behind false flag ops and he is just on the front end of the op instead of the back end. shove your stupid snopes and shit where the sun don't shine.

  • (Score: 1) by nobu_the_bard on Friday October 21 2016, @09:20PM

    by nobu_the_bard (6373) on Friday October 21 2016, @09:20PM (#417427)

    Also mentioned on Reuters: http://www.reuters.com/article/us-usa-cyber-idUSKCN12L1ME [reuters.com]

    Not a lot of meat in the article, but it does have a confused description of DNS and a random picture of Wireshark ??

  • (Score: 1, Interesting) by Anonymous Coward on Friday October 21 2016, @09:36PM

    by Anonymous Coward on Friday October 21 2016, @09:36PM (#417432)

    So you have multiple DNS servers, minimum 2 IIRC (and no idea of maximum)... if the provider is not inept, in different networks. If you aren't inept and can pay for the service, you use different DNS providers too. All the fucking big webs should know that. But it seems they are all happy with their clouds, while a single "thunder strike" to the right place (one DNS company) brings them down.

    BTW, Soylent has 5 (good) DNS listed... all (bad) by Linode. Time to investigate DNS services that let you use them as secondaries? Suggestions? (This one of the things I liked about the site, people passing around tips)

    • (Score: 2) by gnuman on Saturday October 22 2016, @02:15AM

      by gnuman (5013) on Saturday October 22 2016, @02:15AM (#417497)

      If you aren't inept and can pay for the service, you use different DNS providers too.

      These DNS are anycast. The problem are ISPs that allow bots to exist on today's networks. If you have 12Mbps upload, well, you can kill any DNS with very small botnets already.

      Time to investigate DNS services that let you use them as secondaries? Suggestions?

      There are lots for free. Unless you have massive traffic, like during DoS, but then who cares? Soylent is not that important.

      • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @03:26AM

        by Anonymous Coward on Saturday October 22 2016, @03:26AM (#417512)

        There are 13 root "servers", using anycast so they are more than 13, from different organizations. They got hit by some DDoS, last one in 2015, no TV news unlike this one. One of the organizations having a serious problem should also be no problem.

        Attack against Dyn cripples it, and all networks they resolve go down with it. Grudge/extortion, intrusion or bankrupcy, same deal, we just got the proof today they are a single point of failure.

        So why don't spread and use multiple providers as general rule? They would had to nuke the DNS operations of Linode, Dyn, and 3 more to make Soylent disappear with this trick. And where I said Soylent, I mean really bigger fishes, just using it for the "5 servers". I guess big fishes are have their minds so "clouded" that they forgot about single points of failure. We will see in the future, worth checking the whois of these "clown fishes" and see if they still use a single DNS provider.

        Oh! Paypal already using 6 servers, 2-3 organizations (themselves is not exactly the best, at some point you will need the other 2, right?).
              Name Server: NS1.P57.DYNECT.NET
              Name Server: NS3.P57.DYNECT.NET
              Name Server: PDNS100.ULTRADNS.COM
              Name Server: PDNS100.ULTRADNS.NET
              Name Server: PPNS1.PHX.PAYPAL.COM
              Name Server: PPNS2.PHX.PAYPAL.COM
              Updated Date: 21-oct-2016

  • (Score: 2) by Arik on Friday October 21 2016, @09:50PM

    by Arik (4543) on Friday October 21 2016, @09:50PM (#417440) Journal
    Ok, but did anyone I actually care about get hit?

    Anyone who has a web-page?
    --
    If laughter is the best medicine, who are the best doctors?
    • (Score: 0) by Anonymous Coward on Friday October 21 2016, @11:24PM

      by Anonymous Coward on Friday October 21 2016, @11:24PM (#417459)

      Tried to "Track a transfer" on the Western Union site and it was flaky, only part of the page would load, some items greyed out. Possibly one part of the page calling another file somewhere to load the captcha (or some other "test for a human" frob)? Tried several times over 15 minutes around 3pm eastern time, always the same. Just tried now and it's back to normal.

      Now, who was it that wanted me to buy a car that requires an internet connection? (looking ahead a few years)

    • (Score: 0) by Anonymous Coward on Saturday October 22 2016, @04:03AM

      by Anonymous Coward on Saturday October 22 2016, @04:03AM (#417517)

      I had real problems with my VPN - privateinternetaccess.com. Once a VPN tunnel was up, it stayed up. But I switch endpoints 5-10 per day and if the DNS flaked out during the tunnel setup it would error out. Once I figured out what was going on I just kept the same tunnel up. But it took me a while to debug it.

  • (Score: 1, Informative) by Anonymous Coward on Saturday October 22 2016, @05:01AM

    by Anonymous Coward on Saturday October 22 2016, @05:01AM (#417523)
  • (Score: 3, Insightful) by PinkyGigglebrain on Saturday October 22 2016, @07:37AM

    by PinkyGigglebrain (4458) on Saturday October 22 2016, @07:37AM (#417547)

    I'm going to bet the Russians or North Korea (slight chance China) are going to get blamed within the next 24-36 hours. I'm really going to find that hard to believe without some really solid evidence from non-US sources. I could see Russia, etc. doing/trying a mass hack of banks/corporations/infrastructure but a DDOS that takes out a major portion of the US Internet? Doesn't make sense, because it revealed 1: how vulnerable the IoT is, and 2: how much of it has been hacked already. Now all those devices will get patched/secured and the bot net is likely going to get taken down or at least diminished to a noticeable extent.

    And for what? What is the benefit of a DDOS attack of this scale by a non US power other than to say "HEY, ALL YOUR BASE BELONG TO US!!" and inconvenience a lot of people.

    I have to wonder if this might not have been a false flag operation by certain US three letter agencies or other US groups with the ability to pull this off that want a particular person in the White House.

    Another possibility is it was a distraction to cover something else that was worth revealing that much control over the IoT.

    got a bowl of popcorn and a big soda. Going to be fun seeing how this plays out.

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 0) by Anonymous Coward on Sunday October 23 2016, @05:01AM

      by Anonymous Coward on Sunday October 23 2016, @05:01AM (#417757)

      > I'm going to bet the Russians or North Korea (slight chance China) are going to get blamed within the next 24-36 hours.

      Easy bet to make. What do you lose if you are wrong?
      Nothing.
      Monday you'll forget you bet wrong and have a brand new conspiracy theory to make yourself feel insightful.