{"id":14839,"date":"2019-03-14T10:45:03","date_gmt":"2019-03-14T18:45:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/03\/14\/news-8588\/"},"modified":"2019-03-14T10:45:03","modified_gmt":"2019-03-14T18:45:03","slug":"news-8588","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/03\/14\/news-8588\/","title":{"rendered":"When Facebook Goes Down, Don&#8217;t Blame Hackers"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c897f7346e19a01ab72c081\/master\/pass\/facebookhack-security-1052438512-final.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Wed, 13 Mar 2019 23:18:13 +0000<\/strong><\/p>\n<p>It happened again. <a href=\"https:\/\/www.wired.com\/tag\/facebook\">Facebook<\/a> went down in <a href=\"https:\/\/downdetector.com\/status\/facebook\/map\/\" target=\"_blank\">pockets<\/a> around the world for several hours Wednesday, as did Facebook-owned Instagram and WhatsApp. The outage inspired the usual existential jokes\u2014and <a href=\"https:\/\/www.wired.com\/story\/what-we-do-when-facebook-youtube-crash\">rush to news sites<\/a> to fill the void\u2014but it also gave rise to conspiracy <a href=\"https:\/\/twitter.com\/kurteichenwald\/status\/1105893972117999616\" target=\"_blank\">theories<\/a> that hackers were the cause. As is almost always the case, those theories are wrong.<\/p>\n<p>Facebook confirmed as much in a <a href=\"https:\/\/twitter.com\/facebook\/status\/1105907126424109056\" target=\"_blank\">tweet<\/a>, saying that while it was still investigating the root cause of its woes, it had ruled out a distributed denial of service attack. On the surface, DDoS makes for a reasonable enough suspect; as a class of attack, its whole purpose is to bring sites down. 
But assumptions that hackers would hobble not just Facebook but also Instagram and WhatsApp with a DDoS attack rely on a shaky grasp of what that would entail and how prepared companies are to stop them.<\/p>\n<p class=\"paywall\">For its part, Facebook has provided vague guidance as to what actually did happen. \u201cWe are currently experiencing issues that may cause some API requests to take longer or fail unexpectedly,\u201d the company <a href=\"https:\/\/developers.facebook.com\/status\/issues\/559896447845433\/\" target=\"_blank\">wrote<\/a> on a developer status page. \u201cWe are investigating the issue and working on a resolution.\u201d That could indicate a wide range of culprits, from routine maintenance gone awry to a <a href=\"https:\/\/www.wired.com\/story\/iran-dns-hijacking\/\">Domain Name System<\/a> issue. [<em><strong>Update:<\/strong> Facebook confirmed Thursday that the problem stemmed from a &quot;server configuration change that triggered a cascading series of issues.&quot; It has since resolved the issue.<\/em>]<\/p>\n<p class=\"paywall\">Even before that disclosure, it was apparent that the downtime was unrelated to any sort of cyberattack. &quot;I can confirm that it has nothing to do with outside hacking efforts,&quot; wrote Facebook spokesperson Tom Parnell in an email to WIRED Wednesday. But you don\u2019t even have to take Facebook\u2019s word for it.<\/p>\n<p class=\"paywall\">\u201cThere\u2019s no collaborating evidence of any kind to indicate a malicious attack,\u201d says Troy Mursch, a security researcher who runs <a href=\"https:\/\/badpackets.net\/\" target=\"_blank\">Bad Packets Report<\/a>, which keeps close tabs on the activity of botnets and network attacks that cause actual harm. \u201cIn regards to an actual attack or any widespread attack, we can confirm that is not the case there.\u201d<\/p>\n<p class=\"paywall\">Which is not to say that hackers don\u2019t try to compromise Facebook every day. They do! 
They\u2019ve even succeeded at least once, compromising account data of a <a href=\"https:\/\/www.wired.com\/story\/how-facebook-hackers-compromised-30-million-accounts\/\">whopping 30 million users<\/a>. But <a href=\"https:\/\/www.wired.com\/story\/facebook-hack-data-spammers\/\">Facebook\u2019s value for criminals<\/a> rests in its data. Taking it offline doesn\u2019t serve any obvious ends. And even if it did, it\u2019s unclear who might be able to pull it off.<\/p>\n<p class=\"paywall\">At its most basic level, a DDoS works by throwing more traffic at a site or service than it can handle. By overwhelming servers, a successful DDoS will make it impossible for anyone to pull up a page or refresh their app. They\u2019ve also gotten huge; in 2018, network security firm NetScout <a href=\"https:\/\/www.netscout.com\/blog\/asert\/netscout-arbor-confirms-17-tbps-ddos-attack-terabit-attack-era\" target=\"_blank\">spotted<\/a> a DDoS that funneled 1.7 terabits per second of data at a single target. Around that same time, <a href=\"https:\/\/www.wired.com\/story\/github-ddos-memcached\/\">GitHub got slammed with a 1.35 Tbps attack<\/a>. What those assaults have in common, aside from their girth? Neither of them succeeded.<\/p>\n<p class=\"paywall\">DDoS itself <a href=\"https:\/\/www.wired.com\/story\/creative-ddos-attacks-still-slip-past-defenses\/\">isn\u2019t a solved problem<\/a>, especially as perpetrators have found clever ways to incorporate so-called memcached servers and ransomware into the mix\u2014<a href=\"https:\/\/www.wired.com\/story\/netflix-ddos-attack\/\">Netflix even DDoS\u2019d itself once<\/a>, to demonstrate a novel technique. \u201cIt\u2019s always an arms race between the attackers and the defenders,\u201d says Roland Dobbins, a principal engineer at NetScout. \u201cThat\u2019s the nature of the beast. 
It\u2019s what we\u2019ve seen over the last 25 years or so of DDoS attacks on the public internet.\u201d<\/p>\n<p class=\"paywall\">But while roughly 20,000 DDoS attacks take place every single day on the public internet, Facebook makes for an exceedingly unlikely target. \u201cIf you\u2019re a DDoS attacker and you\u2019re trying for a big target, and you want to have a big impact, you would probably look for an organization or a brand that doesn\u2019t have as much connectivity to begin with,\u201d says Alex Henthorn-Iwane, vice president at network security firm ThousandEyes. \u201cA Facebook, a Google\u2014those kinds of companies\u2014are so massive, and their bandwidth and interconnectivity is so huge, that they can effectively absorb large-scale attacks on their own. And they undoubtedly have architected their internet connectivity to do just that.\u201d<\/p>\n<p class=\"paywall\">Think of DDoS targets as wells and data as water. The smaller the well, the less water you need to overflow it. To flood Facebook, you\u2019d need to drain Lake Erie.<\/p>\n<p class=\"paywall\">That\u2019s why truly disruptive DDoS attacks have focused on boring infrastructural corners of the internet. A 2016 blast that <a href=\"https:\/\/www.wired.com\/2016\/10\/internet-outage-ddos-dns-dyn\/\">shut down the internet<\/a> for much of the East Coast didn\u2019t hit individual sites but, rather, a company called Dyn, which handles the relatively data-light chore of DNS services. (It was also <a href=\"https:\/\/www.wired.com\/story\/mirai-botnet-minecraft-scam-brought-down-the-internet\/\">part of a Minecraft-related scheme. No, really<\/a>.)<\/p>\n<p class=\"paywall\">None of the network security experts WIRED spoke with had seen any evidence of DDoS activity related to Wednesday\u2019s outage, or to similar issues Google services faced yesterday. 
Dobbins suggests that the real problem could be any number of things, including a &quot;nontrivial&quot; disruption of internet routing that occurred Wednesday afternoon, of which Facebook may have been collateral damage. ThousandEyes suggests it was likely an internal issue. Either way, as with every other time Facebook has gone down, it wasn\u2019t hackers.<\/p>\n<p class=\"paywall\">The knee-jerk assumption that it is, though, has potentially corrosive effects. \u201cWhen stuff like this happens, affecting large infrastructure organizations like Facebook, it\u2019s going to be prone to conspiracy theories,\u201d Mursch says. \u201cThat kind of stuff is frustrating when we\u2019re trying to establish or present something that\u2019s factual, when you see social media spread that disinformation.\u201d<\/p>\n<p class=\"paywall\">The idea of nation-state hackers taking down the world\u2019s biggest social network has plenty of appeal, both for its easy explanation of a prolonged inconvenience and for the touch of schadenfreude. But jumping to that conclusion only muddles an already confusing issue. Hackers will continue to target Facebook. DDoS attacks will continue to take down sites. But those two truths are much further from intersecting than the more paranoid corners of the internet would have you believe.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/facebook-down-dont-blame-hackers\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5c897f7346e19a01ab72c081\/master\/pass\/facebookhack-security-1052438512-final.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Wed, 13 Mar 2019 23:18:13 +0000<\/strong><\/p>\n<p>Facebook, Instagram, and WhatsApp spent several hours offline in many parts of the world today. Just don&#8217;t call it a DDoS attack.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-14839","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14839"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14839\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14839"}
,{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}