In computing, a denial of service attack has been a practice deployed by groups and individuals to limit or bring down a web site for a number of decades.
In the age of social networking the denial of service attack has taken the leap from a pure networking phenomenon to a social weapon.
Through the use of social networks it’s possible for large numbers to communicate, plan and execute various ideas. At the same time, due to limitations in how social media presences are managed, individuals (or relatively small groups of people) can cause irreparable damage for brands.
The damage that can be caused isn’t just limited to online. We saw during the London riots last year how relatively easy it is for ideas to travel into the offline world.
With the viral way in which comments, ideas (and propaganda) can spread rapidly both within and between social networks - irrespective of whether they are true or false.
It’s also very simple to set up a hate group or write a negative blog post or submit a less than favourable review.
There’s plenty already been written about online reputation management and social media crisis management.
What I wanted to highlight was how easy it is to do execute more direct harm to a brand or a company that simply generating negative publicity or spreading poor and disappointing customer experiences.
Most social networks have the ability to report offensive or infringing material - and that’s a good thing.
The automated nature of many reporting processes means that nightmare situations can quickly occur. Such as when Sexual Futurist’s Facebook page was closed seemingly because of a oversight when using Facebook advertising that resulted in a significant number of complaints.
Another example is that of Bizarre magazine that a couple of years ago found multiple aspects of it’s web presence closed down after updates on various services were flagged as inappropriate.
This is an example of a social denial of service attack.
More bizarre was how a Swedish career-coach and social media profile was recently subjected to a “poo attack” where a “friend” uploaded a number of pictures of faeces to her Facebook wall before subsequently blocking her - making it difficult to discover or do anything about the problem - effectively a SDoS attack.
Pushing a company to bankruptcy?
Earlier this month, one of the largest electronic retail chains here in Sweden, Expert, went bankrupt. A few days later the stores re-opened their doors for a stock liquidation sale.
Outside many of the stores there were huge queues of people who were hoping to grab a bargain.
What if people get a taste for this kind of liquidation sale? What if people encouraged each other (via social media) not to shop at a particular chain?
We’ve seen this kind of campaigning for “legitimate” causes to try and change a company’s behaviour. There are also numerous review sites where company’s are judged and rated - negatively and positively.
How long before the power of social forces a legitimate company into bankruptcy? It might sound a little far fetched, but with the tools and platforms available to everyday people, it’s more simply achievable than you may think.
It might even happen unintentionally. Also earlier this month we saw the example of how a 15 year old Dutch girl’s party invitation going viral spreading to 30000 people, 3000 of which turned up in the small village of Haren in the Netherlands causing the cancellation of the party and the drafting in of 900 riot police to secure the town.
Social denial of service attacksSo social denial of service attacks can be of varying size and style:
A relatively small number of individuals disrupting a person’s or organisation’s social media activities by abusing the tools put into place to help protect users from abuse.
A large number of individuals drowns an individual or organisations social media activities in unwanted content, or spreads content that is incorrect, misleading or undesirable.
The first mention I can find about SDoS attacks is by Joe Gregorio and how working group mailing list has it’s progress (deliberately) derailed with a constant stream of objections and wildly divergent proposals.
The phenomena was brought up again by Reuven Cohen in 2009 in relation to a spate of social hacktivism attacks.
Can it be prevented?
Many social denial of service attacks are impossible to predict or prevent; perhaps at best you can be aware of the possibility and perhaps be prepared - especially if you rely very heavily on a particular social platform.
How do you think you could prepare or prevent a social denial of service attack?