Security

Facebook: Oi, Lizard Squad – we can take down our own site, ta

#OMG #Allourownfault #doh! #facebookdown

LIZARD WEARING A TOP HAT SITS ON A BRANCH.  Brett Weinstein pic - ALTERED BY JUDE KARABUS - licensed under  CC 3.0

A technical cockup – rather than hostile hacker action – is apparently the reason Facebook, Instagram and other Web 2.0 sweethearts fell off the internet on Monday.

Prankster hacking crew Lizard Squad was gloating over the downtime; Tinder also disappeared for a while during the outage of Facebook and its photo-sharing sister site Instagram.

Security experts were unconvinced it was caused by a distributed denial-of-service assault. Facebook also dismissed any suggestion it was DDoSed; its techies blame technical problem for the hour-long outage:

Facebook and Instagram experienced a major outage tonight from 22:10 until 23:10 PST. Our engineers identified the cause of the outage and recovered the site quickly.

You should now see decreasing error rates while our systems stabilize. We don't expect any other break in service. I'll post another update within 30 mins. Thank you for your patience.

It's understood a dodgy configuration change was pushed to Facebook's API servers, which caused them to fall over.

Hipchat blamed "database issues", while Tinder joked by making a reference to snow storms ravaging the north-eastern United States, and the recent Sony megahack. "EVERYBODY PANIC! ‪#Blizzard‬? North Korea? ‪#TindernetApocalypse‬," it said on Twitter.

Staffers behind AOL Instant Messenger (AIM) service are yet to comment on the incident. A trusted El Reg contact told us MySpace wasn't down, as Lizard Squad claimed, which suggests it was nothing but a dig by the miscreants at the unfashionable service.

The mass outage incident, which is rare but not unprecedented, illustrates the brittleness of social media services. A haiku El Reg's back-bench staff put together to mark a previous ‪#facebookdown‬ day last June can be found here.

Security expert Professor Alan Woodward of the University of Surrey said that Lizard Squad's boasts underline how easy it is for jokers to get publicity through unsubstantiated claims.

"The recent outage of Facebook and the subsequent speculation that it may be a cyber-attack demonstrates the difficulty in reporting cyber-attacks," Professor Woodward said. "Facebook has confirmed that the downtime was caused by an engineering mistake.

"However, the Lizard Squad had only to mention the problem on Twitter and it caused instant speculation that it was they who had caused the problem. In the same way that it is very difficult for law enforcement agencies to attribute blame for cyber-attacks, it is very easy for hacking groups to plausibly claim any significant online incident as their work," he added.

Lizard Squad is best known for launching the denial of service attacks that took down the XBox Live and PlayStation Networks at Christmas, shortly before launching a DDoS-for-hire service.

Over the weekend it ran a DNS redirection attack that hijacked surfers trying to reach the website of Malaysia Airlines and presented them with a defacement page instead.

The hacktivists claimed they hacked the main servers, swiping corporate emails and other sensitive information in the process. However, as with the latest attack there is nothing to substantiate this claim. ®

Sponsored: 2016 Cyberthreat defense report