Should I be concerned using Twitter since they were attacked by hackers?
This question was answered on August 7, 2009. Much of the information contained herein may have changed since posting.
The recent shutdown of Twitter by what is referred to as a Distributed Denial of Service (DDoS) attack should not concern Twitter users from a security or privacy standpoint.
A DDoS attack is generally used to render a website useless because the attackers have an agenda that is served by wreaking havoc on the site In most cases, it is financially motivated (blackmail) or cause motivated (we want you to change the way you do business, etc.), but we have yet to understand the motivation behind this attack.
Think of it as a very popular radio station contest that generates so many callers that no one can get through A DDoS is simply the ability to get a large number of computers to all simultaneously bombard a single website with thousands of requests, which makes it impossible for regular traffic to get through (we all get a ‘busy’ signal).
Since Twitter was not the only site attacked, it’s very likely that someone was using this as a demonstration of a powerful ‘botnet’.
As we have discussed in this column before, botnets are a collection of infected computers that can be remotely controlled by a single computer to perform any instruction that is sent out.
Many of today’s viruses and worms are designed to slowly and silently ‘recruit’ agents for these networks as the larger the botnet, the more damage, spam, identity theft and other malicious activities it can generate.
This means that many of you that are reading this column are unknowingly participating in these attacks, because your computer has silently been infected and recruited as an agent on a botnet.
Once the network of compromised computers gets big enough, it’s offered out to the Internet underworld as a ‘rental by hour’ weapon to do whatever the renter wants to do with it.
Unless you have built a business around your ability to use Twitter, you shouldn’t really be too concerned about the attack as DDoS attacks of various forms have been going on for over a decade.
Past high profile DDoS attack victims include CNN, Yahoo, E-bay & Microsoft just to name a few and these types of attacks will continue to plague the Internet
The real awareness from this event should be that if we all made sure that our computers were kept up-to-date and avoided dangerous activities that expose us to becoming a silent agent, these types of attacks would be less likely
Unfortunately, far too many Internet users are ‘asleep at the wheel’ when it comes to keeping their computer maintained and protected from the daily threats.
You are most likely to become infected by a botnet agent if you don’t relentlessly keep your operating system (Windows, MacOS, etc.) and anti-malware programs up to date and especially if you are careless about what you click on or download (fake video scams are very popular at the moment).
Users of file sharing networks, adult content sites, crack code sites or any of the fringe activities on the Internet are at a much higher risk of being infected as what you think you are downloading or viewing is distracting you so the agent can slip in behind the scenes.
As I have said for years, if you live in a household with high-speed Internet and teenagers, you better make extra sure you understand what kind of activity is taking place on your computers.
Hackers know that teenagers are fearless on the Internet and the they always look to get something for nothing, so they plant infected files all over the Internet where they know teens like to congregate.
Botnet agents are very good at hiding from your security software, so in addition to keeping everything updated, if you notice that your computer’s hard drive light or Internet activity lights are constantly flashing when you aren’t doing anything, have a technically experienced person ‘take a look under the hood’ to make sure that you aren’t unknowingly part of a botnet.
About the author
Posted by Ken Colburn of Data Doctors on August 7, 2009