KUSA – There’s a good chance you noticed signs of Friday’s massive internet attack scrolling through a Twitter feed that wouldn’t refresh or attempting to watch a Netflix movie that wouldn’t load.
The FBI and the Department of Homeland Security are now investigating the widespread cyberattack that blocked access to major sites like Twitter, Netflix, Spotify, Amazon and countless others.
The distributed denial of service attack, or DDoS, targeted servers of the online traffic company Dyn.
“That one company was flooded with so much traffic that it couldn’t deal with it and it essentially shut down,” explained JB Holston, Dean of the Daniel Felix Ritchie School of Engineering and Computer Science at the University of Denver.
Holston explained the DDoS attack involved a half-million virus infected devices and everyday appliances connected to the internet. The so-called “internet of things” include everything from printers and DVRs to security cameras and baby monitors.
“The number of those has just exploded and they’re pretty insecure,” Holston said. “They typically come with a factory installed password which is extremely easy to guess.”
Holston said those half-million hacked appliances were used to send a piece of script to Dyn, basically all at once.
“And all of a sudden Dyn is getting 250 gigabits of information per second and can’t handle it,” Holston said.
As a result, websites that rely on Dyn were inaccessible at different times on Friday, including Colorado.gov and several state agency websites.
“Today was just a really nearly unprecedented distributed denial of service attack that hit DNS servers on the east coast and took down much of the infrastructure of the country,” explained Fred Sargeson. Sargeson is president of Colorado Interactive LLC, the company that builds and manages Colorado.gov and state agency websites.
“Any of those informational pages were unavailable sporadically today,” Sargeson said.
Colorado Interactive LLC was able to mitigate the problem on Friday by building a separate site that users could access.
“The biggest concern for us is, is it a harbinger of more activity coming,” Sargeson said.
While DDoS attacks aren’t new, the scope of Friday’s attacks were surprising to those who see them all the time.
"We need to be concerned because the infrastructure that we rely on for commerce and information got shut down for a period of time," said JB Holston.
Dyn told CNBC on Friday the last of three cyberattacks it faced “has been resolved,” but did not know who was responsible for the attacks.