SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
User error causes six hour outage on Facebook, Instagram and Whatsapp
Wed, 6th Oct 2021
FYI, this story is more than a year old

Following a six-hour outage on Facebook, Instagram, and WhatsApp, bringing millions of digital lives to a halt, criticism of the company has been widespread.

Security analysts say while it's unlikely to be the result of a cyberattack. Facebook going down led to another surge in discussion about deleting accounts and the fragility of internet architecture.

"The global Facebook outage is far from the first occurrence of a major DNS failure but perhaps the most significant for society given the reliance on these apps," says IPFS ecosystems lead, Dietrich Ayala.

"Over the last 30 years, web infrastructure has failed its own ethos many times over - the cause of which is not the foundation of Transmission Control Protocol/Internet Protocol (TCP/IP). TCP is a communications architecture used for networking computers and communicating across the internet."

He says this protocol is highly resilient, reliable and ensures that data isn't damaged, lost, duplicated, or delivered out of order.

Ongoing internet shutdowns are a key indicator of censorship failure within the web's middle-tier segment, HTTP Domain Name System (DNS).

Under typical government orders, Internet Service Providers (ISPs) within a specific jurisdiction can be mandated to restrict and block website connectivity. This measure is completed when ISPs undertake URL-based blocking and block DNS servers, limiting access to all public Internet Protocol (IP) addresses. Social platforms that allow for immediate communication and freedom of speech, such as Twitter and WhatsApp, can also be blocked and shut down through these censoring parameters. While the original vision was a decentralised network with open access, the DNS architecture ensures that the network is centralised and tied up with ISPs.

"Notable figureheads, such as Tim Berners-Lee, are raising awareness of the issue but have not provided a clear solution to solve the problem," says Ayala.

"While a level of outcry is necessary, formidable action is needed from industry leaders. Most mainstream browsers today, such as Google Chrome and Mozilla's Firefox, are entirely dependent on DNS for web applications to function, providing no protection against this method of blocking internet access."

Axelar CEO and co-founder, Sergey Gorbunov, says, "Yesterday, we saw Facebook, Instagram, and WhatsApp go dark. Users couldn't access the services due to a plain network configuration error. So what went wrong, and how did Facebook get disconnected from the rest of the world?"

Gorbunov says the answer is in the not-so-well-known protocol known as the Border Gateway Protocol (BGP).

The BGP is not as well known as protocol suites such as TCP/IP, but it powers routing across the entire internet. At its core, the BGP helps autonomous networks operated by ISPs and organisations route and deliver traffic from one network to another. Just as air traffic controllers direct planes along specific routes, BGP directs internet traffic.

It enables users from different geographic regions to connect and access any application in the world. When a Facebook engineer pushed an incorrect update to their internal BGP configuration, it disconnected the Facebook network from the rest of the world, and users could not reach any of their desired applications.

"The need for a decentralised web has never been more acute," says TON Labs CEO and co-founder, Alexander Filatov.

"From an operational point of view, decentralisation protects against such outages as it doesn't rely on central points of failure and has no need for any additional infrastructure or servers. Yet, more importantly, it offers a faster and more secure experience, so once a critical mass of users migrate, the obvious and inherent benefits of decentralisation will ensure the retention of users and its long-term sustainability.

"We are moving ever closer to that point," he says.