cyberattack that brought down these and other sites in the US and Europe focused on a particular component of the internet’s architecture that is known to be vulnerable: DNS. By Rob Miles To understand how such attacks are possible today you have to remember that the internet was designed decades ago, when there were very few computers in the world – and even fewer connected to a network. As a research project funded by the US military in the 1960s, the original internet was designed to be a network that could survive a nuclear attack. It was distributed, didn’t rely on a central hub, and messages could still be routed through the network even if large parts of it had been damaged or destroyed. But while this design made the internet resilient to attacks from outside the network, its design placed a great deal of trust in those using it – all its users were to be US military or associated staff, after all. Consequently the internet was never designed to withstand attacks from inside the network, yet today it is used across the world – including by, for example, both the US military and its adversaries. The incidents that are becoming common today revolve around DNS – the Domain Name System – a sort of internet address book. DNS records contain the unique IP network address of the web server that is the physical location of a website, and the human-friendly URL or domain name which points to it. This is because it’s a tough ask for users to remember an IP address such as 192.168.15.23, and much easier to remember something like theconversation.com. It is DNS that stores these records and converts a URL into its corresponding network address. DNS management can be tricky, particularly for very popular web sites, so companies are frequently employed to do this: one popular company is Dyn, and it was this company that found itself on the end of a massive distributed denial of service attack recently, in which the target is bombarded by a huge number of requests at the same time. The idea is to overwhelm the service to prevent legitimate traffic getting through. It’s rather like every person in the country calling directory enquiries at once – it would become unusable. As DNS companies like Dyn typically provide services for thousands of websites, an attack that puts them offline can have a very wide impact. Of course, the internet’s original designers never considered that systems with access to the network would go rogue and act against it, nor in such enormous numbers. But today that is exactly what’s happening: almost anyone in the world can connect to the internet and start sending messages, be they harmless or malicious.