Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Facebook: DDoS Attack Didn't Cause European Outage

Facebook said technical issues caused downtime that made site temporarily inaccessible in parts of Europe.

Top Technology Venture Capitalists
Facebook Apps In Action
(click image for larger view and for slideshow)
Facebook was intermittently unavailable across parts of Europe Wednesday, and at least one national security warning team said that it was due to a distributed denial of service (DDoS) attack.

"There is an ongoing DDoS attack towards Facebook. Accessing your Facebook account can temporarily fail," reported Belgium's Computer Emergency Readiness Team (CERT.be) via Twitter Wednesday.

Likewise, earlier that day, Icelandic member of parliament Birgitta Jonsdottir said via Twitter, "Facebook down in most of Europe, Egypt, Turkey, Russia: how about Asia, north and south America?" The site appeared to be suffering intermittent outages for users in some parts of the world for at least 12 hours, according to monitoring service downrightnow.

Facebook has blamed the outages on technical faults. "Today we experienced technical difficulties causing the site to be unavailable for a number of users in Europe," according to a statement released by Facebook. "The issue has been resolved and everyone should now have access to Facebook. We apologize for any inconvenience."

[ You never know where hackers will strike next. Read Sony Suffers Michael Jackson Song Hack Attack. ]

Facebook did not respond to a detailed request for comment about whether the outage had been traced to a DDoS attack, but the evidence has begun to look thin. Notably, CERT.be pushed a new tweet Wednesday calling into question its earlier analysis. "Just to be clear: CERT.be can't confirm #DDoS attack on #facebook. Our tweet this morning about #DDoS attack was based on earlier threats."

Facebook's last major downtime was in September 2010, when a lengthy outage was caused in part by error-handling routines in the social network's database software failing. Later that year, a Pages update also led to a short site outage.

This most recent outage came as Facebook prepares to go public with an IPO that will raise an estimated $5 billion, valuing the company at $75 billion to $100 billion. The initial stock sale is expected to happen this spring.

If security monitoring agencies seem overly quick to dub large-scale outages as DDoS attacks, it's likely due to hacktivist collective Anonymous, as well as such offshoots as AntiSec, promising to continue their exploits in the wake of core LulzSec members being indicted for hacking, amongst other charges. Recently, hacktivists have taken down parts of Panda Security's website, over its helping Interpol to bust 25 accused members of Anonymous.

But there have been a number of recent exploits that turned out, upon further examination, to not be exploits. Notably, a January 2012 Transportation Security Administration memo detailed a December 2011 targeted hack that delayed trains for a short period of time. Industry officials, however, strongly disputed that assertion, saying that "there was no targeted computer-based attack on a railroad."

Likewise, in November 2011, the Department of Homeland Security's Illinois State Fusion Center warned that an Illinois water processing plant outage had been caused by a hack attack launched from Russia. Upon further investigation, however, DHS and the FBI said that the outage had been caused solely by a hardware failure. Meanwhile, the mystery Russian attacker turned out to be a legitimate U.S. contractor who'd been asked to log in and fix a problem, while he was vacationing in Russia.

The effort to achieve and maintain compliance with Sarbanes-Oxley requirements remains one of the primary drivers behind many IT security initiatives. In our Security Via SOX Compliance report, we share 10 best practices to meet SOX security-related requirements and help ensure you'll pass your next compliance audit. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13386
PUBLISHED: 2020-05-27
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled...
CVE-2019-20806
PUBLISHED: 2020-05-27
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
CVE-2020-10737
PUBLISHED: 2020-05-27
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the hom...
CVE-2020-13622
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVE-2020-13623
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.