Wembley Partners

News Tangles Over Facebook's Massive Outage

For many, Facebook (or shall we say, Meta?) is the internet. Imagine investing all your time, energy, and creativity in your favorite apps. Then one day, those services just unceremoniously disappeared.


That’s exactly what happened on Oct. 4, when reports of outages from Facebook and its associated apps Instagram and WhatsApp spread across the world like wildfire as access to the platforms halted abruptly, marking the longest downtime in the history of the company.


All three apps are owned by Facebook and share the same infrastructure. They all went down simultaneously, shortly before 5 pm (12 pm EST). Consequently, the communications of over 2 billion active monthly international users were suddenly disrupted.


In fact, all apps under the dominion of Facebook, such as Facebook Workplace, also ceased to function. During this global disruption, people felt a variety of emotions, not knowing what was happening, or if their data was still safe.


During the outage, news began to spring up on social media and news platforms of a massive data breach of historic proportions, which alleged the sale of 1.5 billion Facebook users’ credentials and personal data.


But news agencies seemed divided over this development. What’s more, security researchers surmised the outages were caused by a massive botnet attack.



The Element of Human Error


By Tuesday morning, Santosh Janardhan, Facebook’s vice president of infrastructure, offered a statement that the company wanted to “make clear” there was “no malicious activity, but an error of our own making.”


“During one of these routine maintenance jobs, a command was issued with the intention to assess the availability of global backbone capacity, which unintentionally took down all the connections in our backbone network, effectively disconnecting Facebook data centers globally,” said Janardhan, at the time. He did not elaborate on the specific nature of what caused the changes to occur.


“This disruption to network traffic had a cascading effect on the way our data centers communicate, bringing our services to a halt,” he said.


All these events unfolded in the wake of the first public appearance of a former Facebook employee-turned-whistleblower, who had leaked tens of thousands of internal company research documents and was featured in a 60 Minutes segment on the CBS network on Sunday, the day before the outage.


With all the conflicting events being reported during the service blackout lasting nearly six hours, we are still left with the question, "What really happened?"



Unraveling the Tangled Thread


Facebook offered few words to users concerning the nature of the outage but gave the following statement on Twitter:


"We're aware that some people are having trouble accessing our apps and products. We're working to get things back to normal as quickly as possible, and we apologize for any inconvenience."

As the problem persisted, reports came in over Twitter from Facebook employees that the outage was more severe than users losing access to their Facebook accounts. The incident extended beyond the user level and was impacting the company’s daily productivity.


Employees claimed they could not enter their office buildings. They were declaring it a “snow day” because office duties could not get done under these conditions, with even internal collaboration apps affected.



Security Experts Discuss a Possible DDoS Attack


Connectivity between the various platforms appeared to fluctuate off and on, which is consistent with the effects of a Distributed Denial of Service (DDoS) attack at the DNS (Domain Name System) level, preventing Facebook products from being able to resolve their names.


A DDoS attack usually relies on a large number of connected online devices that have been hijacked by a threat actor, collectively referred to as a botnet, or robot network. The attacker can then issue commands to the entire pool of hijacked devices, traditionally for the purpose of sending spam, keylogging active user sessions on the infected devices, and of course, overloading web services to deny access to them.


Saryu Nayyar, CEO of security research firm Gurucul, said:


"As more facts about Facebook and its business practices become public, its users' anger seems to be on the rise. If they are attackers, they respond by attacking – in this case, possibly a DDoS attack that flooded the company's DNS server."

"This isn't the first time there has been a massive DNS attack; in 2016, DDoS attacks on October 21, 2016, targeting systems operated by DNS provider Dyn took down hundreds of companies."

"Many large organizations guard against the loss of their DNS by maintaining multiple DNS systems across different DNS providers. While the cause of Facebook's problem isn't yet clear, it would be amazing if they hadn't already set up multiple DNS providers," Nayyar added.

Security experts suggested that this was the most likely case, surmising that the attack was a retaliatory reaction to revelations disclosed by Facebook whistleblower Frances Haugen, which aired Sunday on CBS’s 60 Minutes.



Meet the Whistleblower


Haugen leaked thousands of pages of sensitive internal documents to the Wall Street Journal and to regulators. There, she outlined allegations that Facebook is aware that its multiple platforms influence violence, hate speech, and false reporting of current events based on its own data analysis, but is choosing profits over safety.


She also alleged that the tech giant has made attempts to conceal evidence of this information. Haugen offered prepared testimony before the Senate subcommittee on Consumer Protection, Product Safety, and Data Security on Tuesday, Oct. 5.


Haugen was recruited by Facebook in 2019 to help protect against election interference and served as a data scientist. The timing of the 60 Minutes segment in conjunction with the outage was considered suspicious. Although the two events seem connected, the relationship between them is still inconclusive.



Facebook’s Rebuttal


Later that same day, Facebook’s CEO, Mark Zuckerberg, responded to the allegations of the whistleblower in a 1,316-word statement on his own Facebook profile, defending the company’s practices by rebutting Haugen’s deposition as a “false picture of the company”.


After the Senate subcommittee hearing, Facebook’s head of global policy management Monika Bickert told CNN in an interview that there were "mischaracterizations" in the “stolen documents” indicated by Haugen.



Scammer Seizes the Opportunity


While reports began to unfold, the story escalated into a new narrative, alleging that 1.5 billion Facebook user accounts had been compromised and were now being sold on a popular hacker forum. Interestingly enough, this development wasn’t taking place on the dark web, but rather on the public surface of the internet itself.


The post made by an overly ambitious scammer caused an uproar across social media and news agencies because, if true, it could be the data breach of the century. However, one important element was lacking in the scammer’s claim: evidence.


Several suspicious Twitter accounts issued questionable statements that “the data of over 1.5 billion Facebook users” was in fact “being sold on a popular hacking-related forum,” quoting a news piece published by Privacy Affairs, a cybersecurity research company based in Romania.


The issue escalated even further when Senator Marsha Blackburn from Tennessee opened the Senate subcommittee hearing with the following statement:


“News broke yesterday that the private data of over 1.5 billion — that’s right, 1.5 billion — Facebook users is being sold on a hacking forum. That’s its biggest data breach to date.”

A spokesperson for Facebook, Jason Grosse, addressed the alleged breach of users’ data, saying that the “leak” was, in fact, a scam. “We're investigating this claim and have sent a takedown request to the forum that's advertising the alleged data," Grosse told Newsweek.


With no evidence of an actual data breach at this point in the event history, it is still difficult to say with any certainty what really caused the outage in the first place, given the circumstances that seem coincidental to it.


Though news reports continue to tell contradictory narratives, the fact still remains that this part of the Facebook outage saga is rooted in claims from online posts that lack tangible proof and therefore remain unverified.


An article by Jesse McGraw

Edited by Ana Alexandre

