Is Twitter The Peasant’s New Pitchfork?

July 5, 2009 by ADMIN

By Richard Stiennon, Chief Research Analyst, IT-Harvest

The Financial Times devoted a lot of space and ink to social networks this Friday.

They raise questions like “Is Twitter a social craze?” implying that it will go the way of pet rocks and Beanie Babies. But the numbers and the cross-border pickup indicate that no, Twitter and Facebook are bigger than that.

As the Twitter-Iranian revolution subsides somewhat, it is time to reflect on the new face of social networks we have seen.

Twitter especially was used as a tool for expressing social outrage. At one point 2.5% of the messages on Twitter were tagged with #IranElection, a huge number.

Iran was at the top of Twitter’s trending topics for over a week. I will let bloggers at Slate.com dwell on the implications for society that the death of Michael Jackson put an end to Iran’s position at the top of the social awareness scale.

I am tempted to say that the use of Twitter to foment denial-of-service attacks against Iranian government web sites is new.

Yet that is not the case.

Crowd-sourced DDoS has been effectively used for at least a decade. Attacks against SCO during their ill-advised legal maneuvers to monopolize Unix were an early example. Russia used Internet forums to broadcast links to Estonian sites they wanted taken down.

Twitter is just a better, faster way to get thousands of people to join a cause, either by adopting a hash tag and re-tweeting, or by participating in a DDoS.

The now famous Motrin incident last November was the first inkling that Twitter could give voice to mass outrage. In that case the reaction from Motrin was an apology for their somewhat condescending ad and the immediate removal of said ad from Motrin.com.

Exhortations to attack Iranian sites first appeared on the Monday following the twisted elections.

They were almost exactly like the posts hacktivists make to Internet forums, with instructions to download special software and target particular sites.

The next day Twitter posts linked to a site that had pagereload.com links; each one would open a separate tab in your browser and continuously refresh. There was even a Google Doc used for this. It would only take a few hundred people doing that to take down most web servers.

By the third day there were links posted to Twitter that only required you to click on them and a page would open with 15 or so frames, each refreshing continuously on Iranian web sites.

We saw people posting when the DDoS attacks were successful, but they were only intermittently successful.

Like other actions performed by crowds, keeping up a continuous effort is hard to do.

A few enthusiastic fans at a baseball game can get a wave rolling around the stadium, but it always dies out after a few passes.

A chant at a football game can embroil everyone at the event, but it too dies out. While it may be possible to get someone to donate their computer to an attack, they soon tire of their own machine being slowed by the activity.

And thus DDoS attacks promulgated through Twitter, while devastating in the short term, are indeed short-lived.

Twitter has changed the DDoS game by making it even easier for millions of people to choose to participate in an attack based on spontaneous outrage.

Imagine Twitter with 100 million participants during the next US election if there is a “hanging chad” incident.

But, like any action carried out by a mob, it will not be as effective as direct methods, in particular botnets, for causing long-term outages.

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He recently re-launched the security blog ThreatChaos.com and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc., the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software. Before Webroot, Mr. Stiennon was VP Research at Gartner Inc., where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting, and managed security services for the Security and Privacy group. He is a holder of Gartner’s Thought Leadership award and was named “One of the 50 most powerful people in Networking” by NetworkWorld Magazine.

*   *   *


The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com


Comments

One Comment on Is Twitter The Peasant’s New Pitchfork?

  1. courtney benson on Mon, 6th Jul 2009 4:47 am

     I agree with the conclusion but think that techies will go to plan B, C to outsmart the Iranian authorities over time. The use of technology is a constant game of one besting.
