Business Continuity Management / Disaster Recovery , Governance & Risk Management
Facebook Denies Hackers Caused Outage
Blames Brief Outage on Technical ProblemFacebook dismisses suggestions that its brief Jan. 26 website outage was triggered by a hack attack or U.S. blizzard conditions, and instead blames an internal technical error.
See Also: Gartner Guide for Digital Forensics and Incident Response
"Many people had trouble accessing Facebook and Instagram," a Facebook spokeswoman tells Information Security Media Group. "This was not the result of a third-party attack, but instead occurred after we introduced a change that affected our configuration systems. We moved quickly to fix the problem, and both services are back to 100 percent for everyone."
The Facebook outage reportedly lasted for more than an hour for some users, and was not confined to the United States. Other apps and services that rely on Facebook - including photo-sharing site Instagram - were reportedly also knocked offline by Facebook's outage. But other apps that don't appear to use Facebook's services, including dating app Tindr, and the instant messaging programs and chat clients AIM and HipChat, also appeared to have been disrupted.
Facebook said the technical problem, which centered on its API servers and started Jan. 26 at about 22:10 PST, "was resolved at 23:10 PST and the site stabilized shortly afterwards," according to its developer's site. "We are sorry for any inconvenience this may have caused you and the users of your apps."
Facebook's statement on its disruption comes in the wake of - and refutes - the distributed-denial-of-service attack gang Lizard Squad appearing to take credit for the outage, via its Lizard Mafia Twitter account. The group posted the following message: "Facebook, Instagram, Tinder, AIM, Hipchat #offline #LizardSquad."
Some commentators used the Facebook outage to suggest that people rethink their social network habits. "I hope you all took advantage of the 35 second Facebook outage to Like a person in real life. #Faceboogeddon," tweeted media analyst Arthur Goldstuck.
"Facebook's been down for an hour and I've already written four novels and a symphony," tweeted Australian journalist "McGrumpypants."
Outage Triggered Further Disruptions?
Based on website outage information produced by multiple Internet-monitoring firms, the Facebook outage also appeared to coincide with - or perhaps trigger - disruptions in other services, including Akamai's content delivery network. "So if this is right, the FB outage was big enough that [its] knock-on effect caused a DDoS-like outage to its CDN, Akamai," tweeted Marc Rogers, a principal security researcher at DDoS defense firm CloudFlare. Akamai's disruption could explain why services that don't rely on Facebook - such as HipChat, AIM and Tinder - were reportedly also offline during the Facebook disruption, because all appear to use the Akamai CDN, Rogers says.
So if this is right, the FB outage was big enough that it's knock-on effect caused a ddos like outage to its cdn, akamai.
� Marc Rogers (@marcwrogers) January 27, 2015
Akamai declined to comment on the analysis from Rogers. "By policy, Akamai does not comment on other companies' business," says Akamai spokeswoman Karine Gourdon. "That being said, Akamai services are performing as expected."
Lizard Squad Promises Data Leak
A tweet by Lizard Squad, which appeared to claim credit for the Facebook disruption, arrived less than 24 hours after the hacking group claimed credit for a Domain Name System compromise of the Malaysia Airlines website (see Malaysia Airlines Website Hacked). The hackers rerouted website visitors to a page that displayed the group's logo - a monocled lizard, wearing a top hat - together with a "404 - Plane Not Found" spoof error message.
Malaysia Airlines issued a Jan. 26 statement promising its customers that "user data remains secured" and said full service would be restored as DNS fixes slowly propagated globally. By Jan. 27, the site appeared to have been fully restored.
But Lizard Squad has disputed the airline's promise that the hack attack was limited to rerouting and defacing its website. "We would like to point out that @MAS is lying about user data not being compromised," the group tweeted. Lizard Squad also released travel itineraries for some Malaysia Airlines passengers - including one Malaysian government minister - that are reportedly authentic.
Lizard Squad, in a Jan. 27 tweet, threatened to release more stolen data stolen from Malaysia Airlines. While the group hasn't specified exactly what data it obtained from the airline, it has suggested that it pertains to corporate e-mails.
More to come soon. Side note: We're still organizing the @MAS email dump, stay tuned for that.
� Lizard Squad (@LizardMafia) January 27, 2015