When a social network is taken down by a distributed denial of service (DDoS) attack, it’s somewhere between “an inconvenience and real trouble” for an enterprise, according to a security expert.
But there are other security breaches at sites like Twitter and Facebook that can be much more dangerous, said Vaclav Vincalek, president of Vancouver network support and security firm Pacific Coast Information Services Ltd.
Both Twitter and Facebook came under DDoS attack Thursday morning.
The Twitter micro-blogging and social networking service was hit with a denial of service attack that rendered the site unavailable for users.
Twitter reported the attack in a post on its blog at about 11 a.m.
“We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate,” the company said in a blog posting by Twitter co-founder Biz Stone.
In a status report about an hour following its acknowledgement of the attack, Twitter reported that the site was back up, but users still were having trouble reaching it. The site itself was down for about two hours before it resumed service, although Twitter remained under attack and warned users in another status update that as it recovered, users would experience “some longer load times and slowness,” as well as network timeouts.
The attack on Facebook did not appear to be as severe.
Facebook reported on its own Facebook profile Thursday that users may have had trouble accessing the site or its services because of the attack, but that the situation seemed well in hand by late morning in California, where the company is located.
“We have restored full access for most people,” the company reported. “We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us.”
Users reported that Facebook was not loading properly or could not be accessed early Thursday, but the site seemed to be working properly by late morning.
The outages were only an inconvenience for most enterprises, but that could change, Vincalek said.
“In today’s environment, companies are using social networks to promote themselves,” he said. With the servers down, followers may miss corporate information that’s being sent out, and enterprises can’t monitor what’s being said about them.
Since there aren’t enterprise applications that are entirely dependent on Twitter, the outage isn’t a serious problem. However, if, in future, enterprises begin integrating Twitter into their workflow, that’s another story, he said.
And there’s the potential for loss if companies have made Twitter part of the sales channel, he said. Dell Computer Corp., for example, promotes deals on its PCs through Twitter; the channel accounts for several million in sales, according to Vincalek.
But social network attacks that don’t bring the site down are more dangerous, he said.
Hackers have managed to embed malicious code in tweets, and enterprise users who are on the network can bring that code inside the firewall. The shortened URLs used in Twitter, for example, can be misleading and can take users to dangerous sites.
“You have no idea where the link is going,” he said.
“That’s where the immediate threat lies for organizations.”
Social networking sites “are not as concerned about security as, say, a banking site,” Vincalek said. “I’m not saying they’re oblivious … they have other things to worry about.”
— With files from Elizabeth Montalbano, IDG News Service (New York Bureau)