SAN FRANCISCO — Eleven hours after a massive online attack began that blocked access to many populat websites Friday, the company whose network was being assaulted was finally able to restore it service. Dyn Inc., a New Hampshire-based company that monitors and routes Internet traffic, was the victim of a massive attack that began at 7:10 a.m. ET Friday morning. The issue kept some users on the East Coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites. At 6:17 p.m. ET, Dyn updated its website to say it had resolved the large-scale distributed denial of service attack (DDoS) and service had been restored. DDoS attacks flood servers with so many fake requests for information that they cannot respond to real ones, often crashing under the barrage. “It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning though,” said Kyle York, Dyn’s chief strategy officer said on a conference call with reporters Friday afternoon. Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance. These devices are in turn used to create a robot network, or botnet, to send the millions of messages that knocks the out victim’s computer system. The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month. The release led some security experts to suggest it would soon be widely used by hackers. That appears to have happened in this case. Dyn is getting “tens of millions” of messages from around the globe sent by seemingly harmless but Internet-connected devices. “It could be your DVR, it could be a CCTV camera, a thermostat. I even saw an Internet-connected toaster on Kickstarter yesterday,” said York. The complexity and breadth of the multiple attack points makes it difficult to fight, because it’s hard to distinguish legitimate traffic from botnet traffic. York said one bright spot for the company had been the tremendous outpouring of aid from its customers, competitors and law enforcement. “You guys wouldn’t believe the amount of support we’ve received,” he told reporters.