Friday morning saw the largest internet blackout in US history. Almost every corner of the web was affected in some way -- streaming services like Spotify, social sites like Twitter and Reddit, and news sites like Wired and Vox appeared offline to vast swathes of the eastern seaboard.
After suffering three separate distributed denial-of-service (DDoS) attacks, Dyn, the domain name system provider for hundreds of major websites, recovered and the web started to spring back to life.
The flooding attack was designed to overload systems and prevent people from accessing the sites they want on a scale never seen before this.
All signs point to a massive botnet utilizing the Internet of Things, powered by malware known as Mirai, which allows the botnet's operator to turn a large number of internet-connected devices -- surveillance cameras, smart home devices, and even baby monitors -- against a single target.
In this case, it was Dyn's servers.
"We're seeing attacks coming from an Internet of Things botnet that we identified called Mirai, also involved in this attack," said Dale Drew, chief security officer at Level 3, in a live stream on Friday, during a time where information about the attack was still scarce.
Dyn later said Saturday in a blog post that the attack was "highly distributed" and involved "tens of millions of IP addresses."
"The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations," the statement read. The company also confirmed that the use of Mirai was only part of the wider attack.
Chester Wisniewski, principal research scientist at security firm Sophos, said that this demonstrates "incredible power wielded by just one type of device," and argued that harnessing the power of tens of millions of insecure smart devices "could cause incredible disruptions."
What sets the Mirai botnet apart is that the malware doesn't require much hacking power. It scans for devices that cycles through the default username and password credentials that devices ship with, rather than any extensive vulnerability exploitation. Security researchers have called the code "amateurish," despite arguably being better than "most" other malware hitting smart devices.
Dyn is expected to give a more detailed update early next week.
Given that all signs (though yet to be fully confirmed) point to what, the big questions to ask next are who was behind the attack, and why?
Because the Mirai code is open source, anyone can theoretically leverage the botnet's power. That makes attribution even tougher when you're trying to pin the blame -- anyone from a lone hacker to a nation state could be behind the attack.
"Since this release, copycat hackers have used the malware to create botnets of their own in order to launch DDoS attacks," said security firm Flashpoint said in a blog post.
"Who would do this? It doesn't seem like something an activist, criminal, or researcher would do," he said in a blog post. "It's not normal for companies to do that. Furthermore, the size and scale of these probes--and especially their persistence -- points to state actors.
As of Saturday morning, things have settled down. Dyn had no further update on its status page as of the time of writing.
Almost everyone affected by the cyberattacks have some part to blame in Friday's cyberattacks. The tech companies for shipping devices with default passwords. The buyers who don't change the passwords. The companies like Dyn that manage network infrastructure who couldn't repel an attack of this size, and even the websites that suffered as a result of the Dyn attack have their own uptime lessons to learn from the outage.
For the fact that an attack on this scale could happen isn't a surprise in itself. Security researchers and hackers alike have warned that the Internet of Things poses a considerable headache because nobody is putting of security first.
Where we'd normally blame the weakest link, it seems the entire security chain is busted.
Updated on October 23: with additional commentary from Dyn.