The easiest way to take down the web is to attack people’s access to it.
For more than two hours on Friday morning, much of the web seemed to grind to a halt—or at least slow to dial-up speed—for many users in the United States.
More than a dozen major websites experienced outages and other technical problems, according to user reports and the web-tracking site downdetector.com. They included The New York Times, Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, EA, the Playstation network, and others.
How was it possible to take down all those sites at once?
Someone attacked the architecture that held them together—the domain-name system, or DNS, the technical network that redirects users from easy-to-remember addresses like theatlantic.com to a company’s actual web servers. The assault took the form of a distributed denial-of-service attack (DDoS) on one of the major companies that provides other companies access to DNS. A DDoS attack is one in which an attacker floods sites “with so much junk traffic that it can no longer serve legitimate visitors,” as the security researcher Brian Krebs put it in a blog post Friday morning.