The truth behind the “biggest cyber-attack in history”
As hundreds of thousands of people reported mobile carriers and internet services down, and ‘DDoS’ started trending on Twitter, ‘Anonymous’ laid the blame on China and suggested a major cyber-attack was underway. Here’s what actually happened.
Early in the afternoon of June 15, people across the U.S. started noticing that they were unable to make calls or send text messages. Customer complaints soon popped up on social media suggesting multiple mobile carriers were all experiencing outages. But that wasn’t all: internet service providers, the social media platforms themselves, and online services from gaming to banking were all apparently going down like dominoes.
As reported by Jesse Damiani, the plot thickened as a supposed Anonymous news account with 6.5 million followers stirred the pot. YourAnonCentral tweeted that “The U.S. is currently under a major DDoS attack,” and included a handy attack map showing just how bad things looked. But looks can be deceiving, as can tweets from these accounts claiming Anonymous affiliation.
Pretty soon, the DDoS (Distributed Denial of Service) hashtag was trending on Twitter, and anyone experiencing any connectivity issue was blaming this major cyber-attack. The attack, YourAnonCentral speculated, was initiated by China. It didn’t take long for other media outlets to notice the story and publish articles claiming this was the “Largest cyber attack in history” amongst other things.
Investigating the truth behind the cyber-attack that wasn’t
I was not alone in having more than a few problems with this coordinated cyber-attack theory. As Marcus Hutchins, the hacker who saved the internet from the WannaCry worm, pointed out: the attack map being tweeted was showing a “random sample of global DDoS traffic.” It certainly didn’t indicate any out-of-the-ordinary attack activity targeting the U.S.
Matthew Prince, CEO at DDoS protection specialist Cloudflare, also did a little bit of basic investigative work. What he found was absolutely no actual evidence that a significant DDoS attack was underway. There was “no spike in traffic to any of the major internet exchanges,” he tweeted. What’s more, the traffic to services that were being reported as under attack was showing as perfectly normal.
Most damning of all, none of the mobile carrier networks, internet providers or online services were reporting any major downtime. Apart from one: T-Mobile.
What happened at T-Mobile?
Mike Sievert, the T-Mobile CEO, issued a statement which confirmed that “T-Mobile has been experiencing a voice and text issue that has intermittently impacted customers in markets across the U.S.” which started just after noon EDT. “This is an IP traffic related issue that has created significant capacity issues in the network core throughout the day,” he said. The issue was eventually resolved in the early hours of June 16, and the internet returned to normal. I have reached out to T-Mobile for more information regarding the outages and will update this article if I hear anything further.
Retweets are not evidence, rumor is not fact
So, it turns out this was not the biggest cyber-attack in history but rather a case of retweeted complaints going viral. People unable to connect to services, because the T-Mobile network core was disrupted, reported those services as being down. People failing to connect calls to other mobile carriers reported them as being down. The cyber-attack fire being stoked by the supposed Anonymous affiliate retweet was all it took to propel this from being a single network incident, albeit a serious one, to becoming global news. The moral of this story? Don’t believe everything that ‘Anonymous’ accounts on Twitter say.
As Jake Moore, a cybersecurity specialist at ESET, says, “rumors spread like wildfire on the internet, and it’s usually horror sounding stories like this that travel the fastest. Fact-checking before sharing is vital, but as it takes time, many people tend to just read a headline before sharing it, which adds fuel to the fire.” When it comes to those so-called Anonymous accounts, this is especially important as numerous threats surrounding the publication of President Trump’s dirty laundry have proved. “Somehow, evidence in a story is now rarely required for many people who can’t wait to be the one to break the news to their contacts,” Moore concludes.