The cyber attack that took down US sites from Twitter and Spotify to CNN, Yelp and the New York Times on Friday was notable for its sheer size but also the fact that it employed internet connected devices, like cameras, to boost its firepower.
Some of the sites were also briefly unavailable in Europe.
The method appears to have been a Distributed Denial of Service attack.
This involves hackers gaining control of large numbers of computers and using them to send millions of requests to a particular target. This can swamp the receiver will so many requests for information that it cannot respond.
Such attacks have been around for many years, sometimes linked to criminals looking for blackmail money, sometimes activists looking to put pressure on particular companies.
The attack which took place on Friday targeted Dyn, a company that helps direct internet traffic to multiple sites on the internet. It is unclear why Dyn was targeted, but the effect was to temporarily to shut down many of America’s biggest companies’ websites.
The Department of Homeland Security and the FBI are investigating who was behind it.
In order to recruit enough power to overwhelm Dyn, which is accustomed to operating with enormous volumes of traffic, the hackers took control of devices which had previously been infected by a malware called Mirai.
They also managed to conceal the origin of their attacks by making them look like legitimate requests, preventing Dyn from filtering out the spam traffic. At least three separate attacks took place beginning Friday morning US time.
The Mirai code, which appeared on the internet about a month ago, is being used by criminal groups who sell the computing power they can control through it, Allison Nixon, of security firm Flashpoint told Reuters. The attacks on Friday may also have used other networks of compromised machines.
Mirai infects internet connected devices. The so-called Internet of Things has been exploited by consumer goods manufacturers from car-makers, to white goods suppliers, to heating and security firms to allow users to connect to and control all kinds of equipment.
It works by connected to appliances which have weak passwords or have kept the default passwords set by manufacturers.
Resetting the device will rid it of the malware but only temporarily.
The Department of Homeland Security warned last week that many of these devices do not have proper security to prevent them being hacked into by criminals.