A major cyber offensive that brought down internet behemoths Twitter and Paypal is thought to have been launched by hackers using common devices such as webcams, baby monitors and digital recorders.
In a huge breach of global internet stability, hackers brought down well-known sites including Netflix, Twitter, Paypal and Spotify.
The widespread disruption was the result of a coordinated assault on some of the underlying infrastructure that powers the Internet. Dyn, one of several companies responsible for hosting the crucial web directory known as the Domain Name System (DNS), suffered a sustained so-called “distributed denial of service” (DDoS) attack, leading many people intermittently to lose access to specific sites or to the Internet entirely.
Attackers overwhelmed the system using hundreds of thousands of devices that had been infected with malicious code to create a "botnet", Dyn said it had fought off a number of different attacks throughout Friday. Outages were reported in the Eastern United States before sweeping across the country and over Europe.
DDoS attacks are common, but there is evidence that they are becoming more powerful, more sophisticated and increasingly aimed at core internet infrastructure providers.
"The complexity of the attacks is what's making it very challenging for us," Dyn's chief strategy officer, Kyle York told Reuters.
US Homeland Security and the Federal Bureau of Investigation (FBI) are investigating the breach. A spokeswoman said the FBI were looking into the incident and all potential causes, including criminal activity and a nation-state attack.
The enormous attack comes amid increased concern for cyber security in the US, after hackers broke into the computers of a series of US organisations, including those of the Democratic National Committee (DNC).
The hacks against the DNC have increased political tensions, with the US directly accusing Russia of carrying out the attacks.
During the third and final presidential debate, Ms Clinton accused Russian President Vladimir Putin of personally carrying out the hack.
Dyn said the onslaught was coming from millions of internet addresses, making it one of the largest cyber onslaughts of all time.
The internet outages on Friday were intermittent and varied by geography. Users reported that dozens of sites including that of CNN, the Wall Street Journal and some businesses hosted by Amazon.com could not be reached.
As part of a DDoS attacks, hackers flood targets with so much traffic they become overwhelmed and freeze. It still isn’t clear where exactly the cyber-attack originated.
Dyn said it had determined that at least some of the attacks were coming from common devices including webcams and video recorders infected with software called Mirai.
Security experts have previously warned that that such devices pose a security threat.
Dale Drew, chief security officer at communications provider Level 3, said that other networks of compromised machines were also used in Friday's attack, suggesting that the perpetrator had rented access to multiple so-called botnets.
The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, according to Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyse the attack.
Additional reporting by Reuters
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies