Facebook and Twitter: Denied!
by admin on Aug.08, 2009, under Security
This past week the online social media communities Twitter and Facebook both fell under a denial of service attack. This attack limited accessibility to those sites for several hours on Thursday. Twitter announced it was under attack early on Thursday (Aug 06) with a brief statement on their status blog.
Late Thursday afternoon, CNET reported that a blogger from the Republic of Georgia was the target of the denial of service attack. This is much like trying to kill a fly with a sledgehammer. You’ll break whatever the fly was standing on, but the odds are your target will emerge unscathed. As of this writing there is no news on who was responsible for the attack.
For the general public, the primary concern was not being able to access Twitter feeds or Facebook pages – but what is a denial of service attack, and how does it work? According to the United States Computer Emergency Readiness Team, in a denial of service attack, an “attacker attempts to prevent legitimate users from accessing information or services.” Attackers accomplish this by overloading a server with requests, essentially blocking out any legitimate request traffic.
Fortunately, both sites were able to recover from the attack relatively quickly – both were up and running in about three hours.
What’s disturbing to me though is the continued vulnerability of these sites to attack. As Twitter adjusts, gets over its growing pains and becomes more a part of the mainstream, more companies and individuals will rely on the service. The same is true of Facebook. The more people use these technologies, the more accustomed to and dependent on them they become. What might today be a minor inconvenience could be commercially costly a few years down the road.
Twenty years ago businesses used to transmit data directly to other computers. Modem to modem. When the Internet opened up to commercial enterprise, everyone saw it for what it was – a quick and effective means of transmitting data from point to point. Networks were built on top of networks, some secure and some not – but all using the same basic technology. Now, the Internet is the lifeline of international commerce – not to mention the communication and dissemination of information. What happens when a denial of service attack cripples banks, investment firms, health care, or the government itself?
To paraphrase a line from former ESPN anchor Dan Patrick, when it comes to Denial of Service attacks: you can’t stop them, you can only hope to contain them. System security professionals will always be reacting to these attacks because until one starts, there is very little anyone can do to prevent it. Certainly, hardening systems can dissuade amateurs from hacking – but seasoned professionals – or worse yet – hostile governments or terrorist groups, will always be on the lookout for vulnerabilities.
Humankind seems to thrive on conflict – and to every new land we inhabit, we bring some battle along. What began with rocks and spears, graduated to swords and cannon on the high seas, to aircraft and missiles in the past 100 years. The new weapon in the arsenal is familiar to all of us.
In fact, you’re reading this on it right now.
August 8th, 2009 on 9:01 pm
Your point about how important Twitter could become for commerce is exactly right. But I have to say, I fear the day. I like your blog for the precise reason that you have enough characters to say what you really needed to say. Running the world or a business in 140 characters or less is frightening…or very very precise.
August 10th, 2009 on 1:07 pm
I think it is funny and sad that everything we do also includes some way to exploit that very same thing. Perhaps this is a part of what pushes us forward – innovation can be either good or bad, often both, but is rarely neutral.
I am more disturbed by the security vulnerabilities of not only Facebook and Twitter (Facebook, by the way, was facing temporary bans in Canada for not conforming to their security standards), but moreover the huge credit companies. At least with the social mediums, you can choose not to enter private information, but it is almost impossible to make that decision (in this day and age) for larger credit card companies. Black Ice programs posing as harmless information have infiltrated many a database, where, literally, thousands of accounts have been compromised.
I have to admit, I wish that the internet was not such an abused place. I love using it so much, I just hate the feeling of having to ‘look over my shoulder’ while doing so – worried that someone will destroy, or steal my valued information.
Thanks for the post:
Sarah