Popular social networking sites have been barraged by highly publicized security breaches over the past few weeks. Micro-blogging service Twitter has suffered three denial-of-service attacks in the past two weeks, which completely shut down the site for anywhere from a few hours to nearly a whole day. “Denial-of-service” attacks disrupt Web sites by utilizing millions of computers to overwhelm a particular site. Other social media sites, such as blog conglomerate Gawker Media and Facebook, have also been hit recently.
About 19% of all hacking incidents are attacks against social networks, according to web security firm Breach Security, making them the most targeted category of any kind in 1H 2009. In Twitter’s case, its first two recent attacks were believed to be targeting only one activist user, a Georgian professor posting about the war between Georgia and Russia. But the latest attack on Tuesday was not immediately linked to that user, and countermeasures put in place by NTT America (Twitter’s network provider) may have made the problem worse. Others say that Twitter’s vulnerability is due to its reliance on a single network provider and poor internal preparation. These attacks mark the third major security breach on the service this year; the last occurred when a hacker gained access to employee email accounts and stole numerous documents (including business plans and employee information). In January, Twitter was forced to review its defenses after a number of high-profile accounts were hijacked by hackers.
Twitter is one of the fastest growing sites on the Web today, with 72.5% of total users signing up for the service in the first six months of 2009, according to analytics firm Sysomos. Along with user growth have come hundreds of third-party Twitter applications that extend the functionality and accessibility of the platform. With this exploding popularity comes greater attention from hackers and more points of vulnerability.
Experts say Twitter, Facebook and others must, and will, get security right. Even though Twitter’s latest DoS attacks were only targeting one user, they show the vulnerability of the entire business model. The concern is a boost for IT security vendors, which see the social networking community as a breeding ground for internet-based threats. “Social security” deal activity is heating up. Defensio, for example, a platform for blocking spam comments on blog sites, was acquired in January by Websense, a major Web, email and data security provider. Cyveillance, which monitors social media and other web sources for emerging threats, was acquired by QinetiQ North America earlier this year to boost its online data tracking capabilities.
These are early days for social media, so expect a lot more investment in and acquisitions of emerging security vendors focused on addressing the attendant risks.