A massive Internet attack that paralyzed Twitter, Netflix and other services is being blamed on a specific kind of malware designed to harness the power of ordinary consumer devices.
The bad news: Using it isn't particularly hard and doesn't require much money. The malware, known as Mirai, was recently posted online for others to adapt for their own attacks.
Researchers say Mirai exploited security vulnerabilities in thousands of internet-connected devices such as web cameras, then used those devices to attack a major internet firm, resulting in widespread outages. Researchers say Mirai has been used before, but not on the scale of Friday's attacks.
Here's a look at Mirai and what makes it so destructive.
What happened?
Dyn Inc., an Internet company in Manchester, New Hampshire, said its servers were hit by a distributed denial-of-service attack. These types of attacks work by overwhelming targeted computers with junk traffic, so legitimate traffic can't get through.
Jason Read, founder of the Internet performance monitoring firm CloudHarmony, said his company tracked a half-hour-long disruption early Friday affecting access to many popular sites from the East Coast. A second attack later in the day spread disruption to the West Coast as well as some users in Europe.
What made this attack so nasty?
While distributed denial-of-service attacks have been around for years, hackers have many more devices they can use to pull off their attacks, thanks to the proliferation of Internet-connected cameras, thermostats, lights and more.
And Mirai makes it easy for a would-be attacker to scan the Internet for devices to take over and turn into "botnets" for launching coordinated attacks, Chris Carlson of the cybersecurity firm Qualys said.
While botnets have been used as weapons for nearly a decade, they have typically been employed by organized crime groups that targeted websites involved in less-than-savory businesses such as pornography or gambling. Those sites pay extortion money to make the problem go away quietly, Carlson said.
"But when you bring it to Dyn, and a lot of the internet gets shut down, people take notice," Carlson said.
What kinds of devices were affected?
Researchers at the cybersecurity firm Flashpoint say very few devices in the US seem to be involved.
Most of the junk traffic heaped on Dyn came from internet-connected cameras and video-recording devices that had components made by an obscure Chinese company. Those components had little security protection, so devices they went into became easy to exploit.
(Also see: Xiongmai Says Its Cameras Were Used to Take Down the Internet)
Because the components were put into a variety of devices that were then packaged and rebranded, it's hard to tell exactly where they ended up. But Flashpoint researchers Allison Nixon and Zach Wikholm say their research shows that the bulk of them ended up in Vietnam, Brazil, Turkey, Taiwan and China.
Who's behind it?
That remains unclear. Nixon and Wikholm say it's unlikely that this is a state-sponsored attack. Because the blueprints, or source code, for Mirai were public, an attack like this wouldn't need a government's resources.
Hacker groups have claimed responsibility through Twitter, but those claims haven't been verified and the pair says it's likely that they're all lying.
"These guys are amateurs and they managed to get this far. That's kind of scary," Nixon said.
Are more attacks coming?
Probably. Hacker groups have threatened targets ranging from the Russian government to major corporations and the US presidential election. But it's unclear if those groups are actually capable, or just making empty threats.
Experts say that whatever the target, more attacks are inevitable in light of the continued growth of connected devices and the lack of security requirements for them. Therefore, the solution lies in boosting device security at the hardware level.
"At the end of the day, these attacks aren't super sophisticated," Carlson says. "They're just a blunt hammer and whoever has the biggest hammer wins."
The Department of Homeland Security said Monday that it's been working on security practices for internet-connected gadgets and will release them in the common weeks.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.