Internet infrastructure provider Vocus has confirmed it was hit with a DDoS attack which took its internet down for about an hour this afternoon, affecting people throughout New Zealand.
Many people's internet is now connected again, after a widespread outage affecting a number of companies including Spark, Vodafone, Slingshot and Orcon.
The website Down Detector is now reporting a sharp drop in outages, indicating that services are back online for many.
A DDoS attack is where attackers try to disrupt the normal traffic to an internet service, server, or network. The aim is to hinder access, and stop people from getting to the services they need.
The attacks work by flooding a website with fake requests, exceeding its capacity. That means normal, legitimate, requests can't get through.
The technique was what was used in a series of attacks on the NZX (NZ Stock Exchange) last year.
Reports of outages came in from all over the country, but mostly in the North Island, including Auckland, Hamilton and Wellington about 1.30pm. Users in Christchurch and Dunedin also reported being affected.
Some users reported online connections had resumed about 2.10pm.
Vocus owns Orcon, Slingshot and Flip and provides a dedicated service for large corporate clients.
A spokesperson said the Vocus engineering team confirmed the issue was related to a DDoS attack.
"Mitigation has been in place to reduce the impact, no current service disruption has been reported to VSC, we will continue to monitor the services and provide updates."
Orcon said in a tweet later in the afternoon that the issue was resolved.
"We're keeping a close eye on the network to make sure everything is OK. Once again, we're really sorry for the disruption, we realise the timing was less than ideal!"'
Chorus and Slingshot also said they were aware of the issue and apologised to customers.
All Apple Pay or payWave options were taken offline in the internet crash.
Those making electronic transactions on their phones at supermarkets were left without means to pay.
Kiwibank posted on Twitter that there was a major problem with internet banking and all services connected to its app and website were affected.
"We're looking into it at this moment with urgency," the bank tweeted.
Professor Dave Parry from AUT said denial of services attacks happen all the time, but the fact this one targeted a major internet infrastructure provider makes it more serious.
"The attackers have developed a new way of basically making sure that the ISP on the New Zealand side doesn't recognise this as a denial of service attack until its already had an effect," he said.
Parry said taking down major internet providers makes it exceptional.
What is a DDoS attack?
Security company NortonLifeLocks says criminals prepare for a DDoS attack by taking over thousands of computers. These are often referred to as "zombie computers".
They form what is known as a "botnet" or network of bots. These are used to flood targeted websites, servers and networks with more data than they can accommodate.
A volume-based or "volumetric" DDoS attack sends massive amounts of traffic to overwhelm a network's bandwidth, NortonLifeLock says.
The company says a DDoS attack has to be repelled at the internet service provider level, which often this involves temporarily blocking traffic from certain IP addresses.
- RNZ and NZ Herald