Mass hacking may have targeted "rickety" DNS domain name system

Experts say the system - which acts as an address book for the Internet - is "actually very easy to take down"

Mass hacking may have targeted "rickety" DNS domain name system

The Twitter logo appears at the post where it trades on the floor of the New York Stock Exchange | Image: Richard Drew AP/Press Association Images

Smart devices like webcams and even thermostats may have been used to carry out a large scale cyber-attack, according to online security experts.

Experts believe the attack was aimed at the DNS Domain Name System which acts as an address book for the Internet. 

Dozens of popular US based websites including Twitter, Netflix and Spotify were targeted in Friday's raid.

The discussion site Reddit, hospitality booking service Airbnb, the money transfer service PayPal and news sites including CNN, The Guardian and The New York Times also reported disruption.

Technology journalist, Kate Bevan has been examining the hack:

The attack was aimed at New Hampshire based Dyn Inc which is one of the largest internet traffic management providers.

The company's servers were affected by denial-of-service attacks, which work by overwhelming targeted machines with junk data traffic.

Dyn Inc's chief strategy officer Kyle York said: "It is a very smart attack. As we start to mitigate they react and start to throw something that's over the top."

The company believes the attack involved tens of millions of internet connected devices, including closed-circuit video cameras and recorders, which were infected with malware.

Smart thermostats, which enable users to control their home heating from their smartphones, may also have been used.

'New World Hackers'

The attacks came in geographically shifting waves and from IP addresses from around the world.

A shadowy group which calls itself New World Hackers has claimed responsibility, saying it organised a network of 'zombie' computers to carry out the attack.

The group claims to have around 30 members - mostly in Russia - though one, who calls himself 'Ownz,' claims to be a teenager from London.

In a private online conversation with an Associated Press reporter he denied making demands and said blackmail was not the motive.

He said: "We will make one demand actually. Secure your website and get better servers, otherwise be attacked again."

Other members of the group said they only carried out the attack to test their power.

Former deputy secretary at the US Department of Homeland Security James Norton pointed out that the attack on one company had caused mass disruption for many others.
He said: "I think you can see how fragile the internet network actually is."

In the past, New World Hacking has claimed responsibility for cyber-attacks on the BBC and ESPN.

They have also targeted sites operated by Islamic State.

Twitter say its service is now running as normal, as does Netflix: