Cyber Incident Victim: Dyn
Date: Oct 2016
Location: United States of America
Summary
A distributed denial-of-service (DDoS) attack targeted a major DNS provider's infrastructure on the US East Coast, disrupting services for numerous high-profile websites and internet platforms. The attack caused widespread latency and intermittent outages, affecting platforms including Twitter, Reddit, GitHub, and major news organizations by delaying DNS resolution and propagation of address changes. Service was temporarily restored after initial mitigation efforts, but the attack resumed hours later, impacting additional services like website provider Wix.com and causing further monitoring delays. The incident led to significant slowdowns in web requests and application functionality across affected regions.
Description
On October 21, 2016, a distributed denial-of-service (DDoS) attack targeted Dyn, a major managed DNS provider, disrupting internet services across the United States. The attack commenced at 7:10 AM Eastern Time (12:10 PM UK time), focusing on Dyn’s US East Coast name servers. This caused widespread DNS resolution failures and increased latency, impacting dozens of high-profile websites and online platforms. Affected services included Twitter, Reddit, GitHub, The New York Times, The Boston Globe, and others reliant on Dyn’s infrastructure. Users experienced intermittent outages, slow webpage loading, and failed DNS lookups, particularly on the East Coast. Dyn confirmed the attack via email, with Doug Madory, Director of Internet Analysis, stating DNS traffic from East Coast servers faced service interruptions. By 9:20 AM ET, Dyn mitigated the initial attack, restoring normal operations. The disruption highlighted Dyn’s critical role in global DNS resolution, as delayed address propagation and query responses cascaded into application-level failures for mobile apps and websites.

Less than three hours after the first attack subsided, a second wave began, with Dyn’s status page confirming renewed DDoS activity at 15:52 UTC (11:52 AM ET). This phase persisted beyond the article’s 1:20 PM ET update, affecting Dyn’s advanced monitoring services and causing additional delays. Twitter and website builder Wix.com reported renewed accessibility issues, while engineers worked to contain the attack. The initial wave had already exposed vulnerabilities in centralized DNS infrastructure, as geographically concentrated servers became single points of failure. Mikko Hypponen, F-Secure’s chief research officer, publicly listed impacted sites via social media, underscoring the attack’s breadth. Dyn’s public updates emphasized ongoing mitigation efforts but did not disclose attack vectors or perpetrator details. The incident underscored how DDoS attacks on DNS providers could cripple unrelated services globally, with prolonged latency and outages affecting both end-users and enterprises during peak hours.
