March 19, 2019

Could the Facebook outage have been a cyber attack?

Facebook and its sister app, Instagram, suffered an outage on Wednesday, with users complaining of being unable to log in to their accounts or experiencing limited functionality.

It’s Facebook’s worst disruption since 2008, when it had only 150 million users, as opposed to the 2.3bn monthly users it currently has.

During and after the outage, speculation was rife about a cyber-attack. After all, the social network has had a bad year that has seen it be a victim of several successful hacks and data leaks.

Much of the speculation points to Facebook being a victim of a distributed denial of service (DDoS) attack, where a website is taken offline because an attacker is flooding it with traffic. Facebook strongly denies this.

What we know so far

Facebook has responded. A spokesperson told me: ‘We’re aware that some people are currently having trouble accessing the Facebook family of apps. We’re focused on working to resolve the issue as soon as possible, but can confirm the issue is not related to a DDoS attack.’

But what else could it be? Suggestions range from a simple misconfiguration error, to a planned cyber-attack by a malicious actor.

The case for

Only time will tell the real reason for the outage, but experts don’t dismiss the idea that a malicious actor could be at fault. “Despite initial reports that the issues at Facebook and Instagram have been caused by an overloaded data server, there is still every possibility that these outages could be the result of malicious actors,” says Dr. Max Eiza, lecturer in computing at the University of Central Lancashire.

Dr. Eiza points out that it has previously “taken weeks” for tech giants to own up to the fact that system outages have been the result of DoS attacks (something which Facebook strongly denies). However, says Dr. Eiza, until a full investigation has been conducted, it’s impossible to rule this out.

And even if this issue is the result of internal failures, Dr. Eiza warns that there is still a chance that malicious actors could have seized this downtime to get hold of data. “There’s every possibility that the data of Facebook and Instagram users could be at risk.”

Edward Whittingham – a former police officer and qualified solicitor, who is now the MD of The Defence Works – is yet to be convinced by Facebook’s denial. “Facebook has flat out denied that their outage could be caused by a distributed denial of service attack but I’m yet to be convinced – especially given their very vague explanations,” he says.

Indeed, Whittingham says the outage “has all of the hallmarks of a DDoS attack”, given that the sole purpose of these types of attacks is to bring down entire websites.

However, he also points out that Facebook should be well guarded against these types of attacks. “They will use such incredibly huge volumes of bandwidth it’s perhaps difficult to see how they couldn’t absorb even a monumental DDoS attack.”

He also questions what else could be lurking behind the scenes. “I suspect that this could well be an internal issue but, in the absence of any other evidence, who’s to say this internal issue wasn’t caused by some sort of attack – whether it be phishing, social engineering or otherwise. After all, Facebook would make for a pretty big target if someone were to be successful.”

So, who would want to attack Facebook? If it was a cyber-attack, there are a number of potential threat actors who could be responsible, Dr. Guy Bunker, CTO at Clearswift says, including nation-states or a group sponsored by a nation-state. “There has been a lot of media attention on Facebook (and others) over their influence in politics with voting. Taking down the Facebook network shows just who is in control – and in this case, it isn’t Facebook. However, there is no (current) sign that this was a cyber-attack,” he points out.

Christopher Moses, director intelligence and investigations at Blackstone Consultancy says the chance that it suffered a massive DDoS “is remote but not impossible”.

He adds: “Unfortunately, it is far too early to say, so conspiracy theorists can stand down for the moment and I suspect that Facebook’s PR machine is kicking into overdrive to minimise the effect of the outage.”

The case against

It’s not a surprise that speculation is rampant about a security issue, given Facebook’s previous track record. But Tim Mackey, senior technical evangelist at Synopsys suspects the real reason “will be more mundane”.

Among the reasons for the outage, he suggests: “Perhaps a misconfiguration of some software, perhaps a hardware issue, or maybe simply a software update gone wrong are far more likely causes.”

Dr. Bunker says the outage is far more likely to be a mistake by someone – an administrator, for example – inside the organization. “Someone made a configuration change which ended up having a knock-on effect, which in turn took down the systems.”

Alternatively, he suggests it could have also been a reaction to something seen, such as someone attempting to breach the network – “where the decision was that it was better to take the network down to resolve the issue rather than have a potential breach”.

He explains: “These days networks are sufficiently complex that segregation is so difficult – particularly large cloud applications – that it becomes easier to shut everything down than run the risk of something ‘getting in’ and infecting the entire network.”

The outage will likely end up being an issue with either internal IT infrastructure or a network supplier’s connectivity, says Naaman Hart, cloud services security architect at Digital Guardian. He also questions why a service “as large and public as Facebook” isn’t fault tolerant. “If every other service in the region were down, fair enough, but this looks like it just impacts Facebook and its child entities.”

To conclude

Of course, it’s impossible to answer the question definitively. But what’s always important in cases such as these is transparency. Facebook has been shady in the past with multiple accusations that it is abusing user data. It’s therefore important that it does update users with the reason for the outage, with specifics, as soon as it has completed its investigation.

“I do hope that Facebook follows radical transparency and details the real cause of this outage,” says Mackey. “Doing so would go a long way in communicating that privacy can continue to be trusted on their platform. It would also provide other organizations with information they can use to avoid a similar situation and improve our collective security online.”
