Twitter, Facebook, Denial of Service Attacks

Twitter and Facebook were down some today due to “Denial of Service” (DoS) attacks. Here’s some information on what they are, how they occur, and what you can do as a netizen to help prevent them!

A DoS occurs when a malicious programmer or programmers unleash commands across thousands of computers that have been infected with viruses (those computers are referred to as “zombies”) telling them to “hit” or visit a specific web site on a specific date and time. Large popular sites are typically the victims. These large sites (Google, Apple, Yahoo, Microsoft) have complex back end programming that makes the site run as expected as well as front end programming to control the incoming traffic and direct it to available servers, known as load balancing.

A DoS attack is like thousands of people converging on Wal-mart for a giant sale and the crowd overwhelms itself thereby preventing anyone from getting in.

Say Wal-mart has 6 big front doors. As you approach the entrance a family of 5 shows up and heads for the first door. You naturally head for one of the other doors. You’ve “load balanced” yourself by picking an entrance that is less crowded. The routers that sit in front of the server farm that houses the Twitter WEB and DATABASE servers do that load balancing for the requests that come into Twitter. They notice that servers 1, 5, 8, and 10 are busy so they send your request for your Twitter page to server 2.

When hundreds of thousands of people (requests) rush the doors (front line routers) the doors just can’t organize (load balance) fast enough. And even if they could, the WEB and DATABASE servers sitting behind them can’t answer the requests for pages fast enough. Even if 100,000 people managed to get into the store, there wouldn’t be enough employees, shopping carts, or space to handle the crowd, and everything would screech to a halt.

Hacking is when a malicious entity actually gains direct access and control of the WEB and DATABASE servers. That DID NOT happen today. Today was the DoS attack – the swarm of hundreds of thousands of simultaneous requests that overwhelmed the ability of the Twitter servers to respond. There is very little that can be done about that, because the attack is actually carried out by “zombie machines” – perhaps even the one on your desk via which you are reading this article!

I am not kidding.

If you have a PC, and you run a Windows OS, and you are not incredibly vigilant about your anti-spyware software, there is a decent chance that you have inadvertently been infected with viruses and your machine could be used to unknowingly join the other “zombie” PCs and assist in these DoS attacks.

System Administrators (Sys Admins) see malicious efforts to hack into their sites frequently. You rarely see a well-managed site actually get hacked, as there is a lot a Sys Admin can do to protect from the inside. Much less can be done to protect from zombies converging on the outside. By looking at the unique IP address of the attempted hacker, a Sys Admin can block incoming traffic from that IP or group of related IP addresses. With a DoS attack, the requests are literally coming from all over the world, via unsuspecting zombie computers that are infected with a virus.
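To see why blocking by IP address works against one noisy source but not against a crowd of zombies, here is a small simulation added for illustration (it is not from the original article). The threshold, capacity, addresses and request counts are all constructed assumptions.

```python
import ipaddress

THRESHOLD = 100   # assumed: requests one IP may send per window before it is blocked
CAPACITY = 1000   # assumed: requests the servers can answer per window

def addresses(first, count):
    """Constructed sample IPs: `count` consecutive addresses starting at `first`."""
    base = ipaddress.IPv4Address(first)
    return [str(base + i) for i in range(count)]

LEGIT = addresses("192.168.0.1", 50)  # 50 ordinary visitors

def traffic(attackers, requests_each):
    """Requests per IP for one window: visitors send 5 each, attackers as given."""
    counts = {ip: 5 for ip in LEGIT}
    counts.update({ip: requests_each for ip in attackers})
    return counts

def simulate(counts):
    """Block IPs over THRESHOLD, then share CAPACITY evenly across what is left.
    Returns (number of blocked IPs, fraction of visitor requests answered)."""
    blocked = {ip for ip, n in counts.items() if n > THRESHOLD}
    remaining = sum(n for ip, n in counts.items() if ip not in blocked)
    answered = 1.0 if remaining <= CAPACITY else CAPACITY / remaining
    return len(blocked), answered

def single_source():
    # One machine sending 50,000 requests stands out and gets blocked.
    return simulate(traffic(addresses("10.0.0.1", 1), 50_000))

def distributed():
    # 5,000 zombies sending 20 requests each all stay under the threshold.
    return simulate(traffic(addresses("10.1.0.1", 5_000), 20))

if __name__ == "__main__":
    print("single source:", single_source())
    print("distributed:  ", distributed())
```

In the distributed case every zombie looks like a light user, so nothing is blocked and ordinary visitors get under 1% of their requests answered.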

Now please go out and get a Mac or go clean up your PC!