Although the outage happened hours after Facebook filed a motion to dismiss yet another FTC lawsuit accusing the tech giant of monopolising the social media space, and a day after whistle blower and former Facebook product manager Frances Haugen – having exposed FB’s, allegedly, socially irresponsible practices – revealed her identity, presumptions suspecting a hack seem un- justified.
Instead, in accordance with Facebook’s comment to Reuters blaming “a faulty configuration change on the backbone routers that coordinate network traffic between our data centres” for the issues, there is consensus among cyber-security experts that the blackout is unlikely to have been caused by a malicious attack. Doug Madory, director of internet analysis at network monitoring company Kentik, said someone at Facebook caused an update to be made to the company’s Border Gateway Protocol (BGP) records by which Internet service providers of the world share information about which of them are responsible for routing Internet traffic to which specific groups of Internet addresses. As a result, as cyber-security expert Brian Krebs described it, Facebook took away “the map telling the world’s computers how to find its various online properties.” The incident, if indeed a result of a faulty configuration, can be a striking example of the extent of the damage this error can cause to a digital operation. Although, thankfully, Facebook maintains there has been no data loss, a similar incident may catch the eye of opportunist hackers and result in data leaks or ransomware attacks as well.
Concerns about the role misconfiguration plays in paving the way for security breaches has been thrown into sharp relief as businesses are increasingly migrating to the cloud. It usually happens when a company – out of negligence or a false sense of security – fails to implement all the security controls for a server or web application or does so with errors. Typically caused by insufficient firewall protection, old and out-of-date web applications and default account settings, security misconfigurations rank fifth in 2021 on the OWASP (Open Web Application Security Project). However, it is still early to say whether the Facebook outage and users’ desperation to get back into their accounts have in fact been taken advantage of by any cyber-criminals for social engineering purposes or whether any data has actually been stolen.
Facebook’s first and for a considerable time only communication about the blackout has been a tweet reassuring users that the tech giant is aware of the trouble they face accessing Facebook apps and products. And Facebook was not the only one flocking to the mini-blog service as Twitter greeted “practically anyone” after Facebook, Messenger, WhatsApp and Instagram users resorted to the most handy alternative to the platform conglomerate. And although Mark Zuckerberg, CEO of Facebook has cited competition from TikTok, iMessage, Twitter, Snapchat, LinkedIn and YouTube to reject charges of monopolising the social media space, this incident has demonstrated to the contrary – for the 3billion users of the tech giant who socialise, run their businesses, order food and log into their other accounts on Facebook, Twitter or any other social media players can only serve as a contingency plan until things get back to normal. Truth is, as The Register has pointed out, “over the past 17 years, the social network has effectively evolved into critical infrastructure.”
For more detailed information on, go to https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp