Why a DDoS attack did not take down Facebook
On March 13, Facebook suffered a significant outage, along with its subsidiary social media platforms WhatsApp and Instagram. This caused many people across the Internet to believe that the company had experienced a distributed denial-of-service (DDoS) attack. But it turns out that these people were entirely wrong.
At the time of the outage, Facebook actually had to use Twitter to announce that, while it had not yet determined what caused the problem, it was certain that a DDoS attack was not the culprit.
What actually happened to the websites was not clear at the time. At first, the company said that the issues were related to application programming interface (API) requests that were not functioning correctly. This led some experts to speculate that the problem may have been linked to a domain name system (DNS) problem or to a maintenance issue. The following day, however, the company indicated that the problem was actually related to a server configuration change that it had initiated and that it had subsequently fixed.
But even before the company issued this statement, it was clear to Internet security experts that a DDoS attack had not caused the outage. Troy Mursch, a security researcher who publishes the Bad Packets Report and closely follows attacks, said that there was no evidence whatsoever that an attack had brought down the sites and that his company had confirmed that there had been no such attack.
This does not mean that hackers do not attempt to attack Facebook. They do so all the time. Once they even gained access to 30 million user accounts. But the value in attacking the social media platform comes from accessing its data, not from shutting it down. What’s more, even if some hackers wanted to shut the website down, it is not clear whether they could actually accomplish this.
A DDoS attack works primarily by overwhelming a site with lots of web traffic, which makes it difficult, if not impossible, to load a web page or update an app. Such attempts are not uncommon. Last year, according to a network security firm called NetScout, hackers sent 1.7 terabits per second (Tbps) of data to a single website. In another attack, GitHub received 1.35 Tbps of traffic. But neither of these attacks actually brought its target down.
According to Alex Henthorn-Iwane, who is the vice-president of a network security company called ThousandEyes, the reason that these attacks do not work on large websites is that the sites have massive amounts of bandwidth and connectivity at their disposal. So, they can handle practically any traffic a hacker could conceivably throw at them. He further believes that these companies have designed their systems specifically to handle such attacks.
The most disruptive DDoS attacks in recent years have focused not on individual websites but on Internet infrastructure. In 2016, an attack knocked large chunks of the U.S. East Coast offline by attacking a company called Dyn that handles DNS services, which typically do not require large amounts of resources. So, the company was not prepared for an attack.
Security experts believe that automatically associating website outages with attacks makes their job even more difficult. This is because, while they are trying both to determine what caused an outage and to get the truth out, they have to deal with a flood of misinformation over social media. They say that while hackers will continue to compromise large websites, people should understand that they are unlikely to be able to bring them down through DDoS attacks.