Mysterious cyber attacks disrupt Twitter, Netflix, Spotify service

Highly disruptive cyber attacks snarled Web traffic on the East Coast Friday, shutting down access to some of the Web's most popular sites and frustrating their users.

A slew of major sites including Twitter, Netflix, Spotify and Reddit were affected by what was described as several distributed denial of service attacks (DDoS), on the Internet services company Dyn.

“Starting at 11:10 UTC [7:10 EDT] on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS [domain name system] infrastructure,” Dyn reported. Dyn said that attack was resolved less than two hours later, by 9:20 EDT.

But later in the day the company found itself on the ropes once again, reporting that it was fighting "several" attacks.

"Our engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure," the company wrote on their website at 1:53 EDT. There was no sign that the attacks had ceased as the day went on, with the company posting similiar messages about continuing to fight attacks throughout Friday afternoon.

Gary Miliefsky, the CEO of Snoopwall, told that DDoS attacks are common and can be launched cheaply.

“[They] have become so frequent and due to the massively deployed secret botnets (malware running on computers all over the globe), you can lease a DDoS attack against any target, like Dyn, for a very low cost,” he said in an email. “In addition, with the exponential power of computing, one can build DoS equipment for less than $300. “

On Twitter on Friday afternoon, "DDoS" became the top trending topic, with over 100,000 tweets mentioning the attacks.

Some companies like Spotify took to Twitter to report problems Friday morning.

“Uh oh, we’re having some issues right now and investigating,” the company reported at 8:59 am. “We’ll keep you updated!”

Later, they announced that the problem had been fixed, but then tweeted again at 12:31 pm that they were having more issues.

PayPal was hit too, with the prominent payment company reporting issues via Twitter.

Shuman Ghosemajumder, the CTO at Shape Security, said that while DDoS attacks aren't a new phenomenon, some attacks have had "unprecedented volume recently."

"The outages this morning on Dyn customers are yet another demonstration of how attacks on various critical points on the Internet can affect large services and impact vast numbers of users," he told in an email. "In this case, the [domain name system] isn't something that most users think about all the time or even understand, but the Internet as we know it simply cannot work without it."

Follow Rob Verger on Twitter: @robverger