Facebook: DDoS Attack Didn't Cause European Outage

Facebook said technical issues caused downtime that made site temporarily inaccessible in parts of Europe.

Mathew J. Schwartz, Contributor

March 8, 2012

3 Min Read
Dark Reading logo in a gray background | Dark Reading

Top Technology Venture Capitalists

10 Leading Enterprise Social Network Platforms


Facebook Apps In Action (click image for larger view and for slideshow)

Facebook was intermittently unavailable across parts of Europe Wednesday, and at least one national security warning team said that it was due to a distributed denial of service (DDoS) attack.

"There is an ongoing DDoS attack towards Facebook. Accessing your Facebook account can temporarily fail," reported Belgium's Computer Emergency Readiness Team (CERT.be) via Twitter Wednesday.

Likewise, earlier that day, Icelandic member of parliament Birgitta Jonsdottir said via Twitter, "Facebook down in most of Europe, Egypt, Turkey, Russia: how about Asia, north and south America?" The site appeared to be suffering intermittent outages for users in some parts of the world for at least 12 hours, according to monitoring service downrightnow.

Facebook has blamed the outages on technical faults. "Today we experienced technical difficulties causing the site to be unavailable for a number of users in Europe," according to a statement released by Facebook. "The issue has been resolved and everyone should now have access to Facebook. We apologize for any inconvenience."

[ You never know where hackers will strike next. Read Sony Suffers Michael Jackson Song Hack Attack. ]

Facebook did not respond to a detailed request for comment about whether the outage had been traced to a DDoS attack, but the evidence has begun to look thin. Notably, CERT.be pushed a new tweet Wednesday calling into question its earlier analysis. "Just to be clear: CERT.be can't confirm #DDoS attack on #facebook. Our tweet this morning about #DDoS attack was based on earlier threats."

Facebook's last major downtime was in September 2010, when a lengthy outage was caused in part by error-handling routines in the social network's database software failing. Later that year, a Pages update also led to a short site outage.

This most recent outage came as Facebook prepares to go public with an IPO that will raise an estimated $5 billion, valuing the company at $75 billion to $100 billion. The initial stock sale is expected to happen this spring.

If security monitoring agencies seem overly quick to dub large-scale outages as DDoS attacks, it's likely due to hacktivist collective Anonymous, as well as such offshoots as AntiSec, promising to continue their exploits in the wake of core LulzSec members being indicted for hacking, amongst other charges. Recently, hacktivists have taken down parts of Panda Security's website, over its helping Interpol to bust 25 accused members of Anonymous.

But there have been a number of recent exploits that turned out, upon further examination, to not be exploits. Notably, a January 2012 Transportation Security Administration memo detailed a December 2011 targeted hack that delayed trains for a short period of time. Industry officials, however, strongly disputed that assertion, saying that "there was no targeted computer-based attack on a railroad."

Likewise, in November 2011, the Department of Homeland Security's Illinois State Fusion Center warned that an Illinois water processing plant outage had been caused by a hack attack launched from Russia. Upon further investigation, however, DHS and the FBI said that the outage had been caused solely by a hardware failure. Meanwhile, the mystery Russian attacker turned out to be a legitimate U.S. contractor who'd been asked to log in and fix a problem, while he was vacationing in Russia.

The effort to achieve and maintain compliance with Sarbanes-Oxley requirements remains one of the primary drivers behind many IT security initiatives. In our Security Via SOX Compliance report, we share 10 best practices to meet SOX security-related requirements and help ensure you'll pass your next compliance audit. (Free registration required.)

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights