This past week the online social media communities Twitter and Facebook both fell under a denial of service attack. This attack limited accessibility to those sites for several hours on Thursday. Twitter announced it was under attack early on Thursday (Aug 06) with a brief statement on their status blog.
Late Thursday afternoon, CNET reported that a blogger from the Republic of Georgia was the target of the denial of service attack. This is much like trying to kill a fly with a sledgehammer. You’ll break whatever the fly was standing on, but the odds are your target will emerge unscathed. As of this writing there is no news on who was responsible for the attack.
For the general public, the primary concern was not being able to access their Twitter feeds or Facebook pages – but what is a denial of service attack, and how does it work? According to the United States Computer Emergency Readiness Team, in a denial of service attack, an “attacker attempts to prevent legitimate users from accessing information or services.” The attacker accomplishes this by overloading a server with requests, essentially blocking out any legitimate request traffic.
Fortunately, both sites were able to recover from the attack relatively quickly – both were up and running in about three hours.
What’s disturbing to me, though, is the continued vulnerability of these sites to attack. As Twitter adjusts and gets over its growing pains and becomes more a part of the mainstream, more companies and individuals will rely on the service. The same is true of Facebook. The more people use these technologies, the more accustomed to and dependent on them they become. What might today be a minor inconvenience could be commercially costly a few years down the road.
Twenty years ago businesses used to transmit data directly to other computers. Modem to modem. When the Internet opened up to commercial enterprise, everyone saw it for what it was – a quick and effective means of transmitting data from point to point. Networks were built on top of networks, some secure and some not – but all using the same basic technology. Now, the Internet is the lifeline of international commerce – not to mention the communication and dissemination of information. What happens when a denial of service attack cripples banks, investment firms, health care, or the government itself?
To paraphrase a line from former ESPN anchor Dan Patrick, when it comes to denial of service attacks: you can’t stop them, you can only hope to contain them. System security professionals will always be reacting to these attacks because until one starts, there is very little one can do to prevent it. Certainly, hardening systems can dissuade amateurs from hacking – but seasoned professionals, or worse yet, hostile governments or terrorist groups, will always be on the lookout for vulnerabilities.
Humankind seems to thrive on conflict – and to every new land we inhabit, we bring some battle along. What began with rocks and spears, graduated to swords and cannon on the high seas, to aircraft and missiles in the past 100 years. The new weapon in the arsenal is familiar to all of us.
In fact, you’re reading this on it right now.