Though I gave up my Facebook account a while ago (just seemed to conflict with my job as a security professional), I am an avid user of Twitter (@m1a1vet). So when I was trying to throw out some tweets last week and TweetDeck showed there was a problem posting my latest 140 words (or less) of goodness, a tad bit of hostility welled up in my gut. What was the deal now? Another worm? Somebody flipped the wrong switch? Don't they understand that my sanity relies on the ability to quip? I mean really, why else would I have the TweetDeck app on my iPhone? I have to get this stuff out of my head, or it will explode like a Gallagher-ized watermelon!
So, I quickly IM'ed my buddy Martin McKeay (yes, I am name dropping - but he really is my friend) to ask if he was having issues as well. He was. Well crap. So I got to work because I didn't have anything else to do...
Then after a couple of hours passed, we all found out that Twitter was getting slammed by a DDoS attack (as well as Facebook and others). After a few days, we found out that the attack had a target. From the darkReading article:
"A pro-Georgian blogger called 'Cyxymu' was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques."
So here is some guy out there trying to do his part in keeping Georgia out of Russian clutches by Twittering intel, and someone (he says the KGB) decided to take everything down to keep it from happening (which lends a tab bit of credence to this guys claims, BTW). So my question is this: Is this the furure of social networking?
Seriously, this is a bit worrying. A lot of people use social networking sites for a lot of reasons. For one, look at all the info that has come out of Iran via Twitter during their recent uprisings. Twitter was a medium for a lot of good getting done in Iran (though if it helps ultimately is anyone's guess). Also, look at all the dollars, euros, pounds, and other currencies on the line because businesses do a great deal of communicating via social networks. Will this be available in the future if these sites can't stay up and running for any length of time? I guess I answered my own question there, and that answer is "no".
Now before you start calling me a FUD-monger, I realize that these sites stay up a large percentage of the time. And I know that our economy does not rely on these sites (yet). But it seems to me that these attacks will get more and more frequent as strife in the world keeps growing (and it frankly does not seem to be slowing down). There are people out there who are trying to use social networking tools that will lose that ability more and more because some group decides it doesn't like the message of another group and has some botnet resources at its disposal. That bothers me. A worm on Twitter just means you have to practice safe Internet practices. But a DDoS against Twitter or Facebook is not something you or I can do much about.
So what are these sites going to do in the future? Can they effectively protect against these threats? Currently, the answer is obvious. No. They are very susceptible. So what does it take? Most answers to protecting assets against DoS is simply that - protecting the asset. They focus on dropping the packets at the router (or an IPS or something similar) at the point closest to your company, AFTER it has already made it onto your "wire". So yes, you can do something to protect your servers. But if it is already filling your pipe, you are still effectively down to the rest of the world.
So what else can be done? Jamey Heary over at Networkworld has some good tips , two of which are ISP related (RTBH and various ISP offerings) which keeps the bits from getting to your pipe. And this is the key for these social networking sites. It has to be fought with the ISP. Yes, Facebook, Twitter, et. al. have data they want protected. But the key point in this scenario is to keep their services up and running for the world to use.
Seriously, I don't want to quit using Twitter. But if it becomes a huge nuisance, I will probably call it quits and start doing some work (I guess my boss would like that). And really, we don't want an uprising because Twitter being down is keeping me treat the world to my Tweets. I don't want to have that guilt on my conscience.
This story, "Is This the Future of Social Networking? " was originally published by Computerworld.