Cyber Intelligence Weekly

Cyber Intelligence Weekly (Oct 10, 2021): Our Take on Three Things You Need to Know

Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

You can also Subscribe to receive Cyber Intelligence Weekly in your inbox each week.

Away we go!

1. Facebook, Instagram and WhatsApp Endure Major Outage

A day after whistleblower Frances Haugen appeared on 60 Minutes, Facebook, Instagram and WhatsApp all experienced a major global outage. There were many rumors swirling around during this outage, everything from an adverse computer intrusion incident, to rumors of a self-inflicted wound by disgruntled insiders.

As Facebook would later report, the issue was related to routine maintenance that went awry. Santosh Janardhan, Facebook’s VP of Infrastructure, had this to say in a blog post, “During one of these routine maintenance jobs, a command was issued with the intention to assess the availability of global backbone capacity, which unintentionally took down all the connections in our backbone network, effectively disconnecting Facebook data centers globally. Our systems are designed to audit commands like these to prevent mistakes like this, but a bug in that audit tool prevented it from properly stopping the command.

Facebook, Instagram and WhatsApp Endure Major Outage

Due to the global backbone being down, their DNS servers disabled BGP advertisements, and the DNS servers eventually became unreachable, which made it impossible for users around the world to find Facebook’s infrastructure.

If you want to geek out, check out Cloudflare’s blog post on the outage, along with some great refreshers on all of these internet protocols. Having a mega-tech giant such as Facebook endure such an outage is a stark reminder to all IT professionals to always challenge change management procedures and to always have a plan for those low probability but high impact outages that could be looming in your infrastructure.

2. Major Telecom Provider Announces Five-Year-Long Security Breach

Syniverse, the telecom provider of backbone and exchange services for hundreds of carriers across the world, including large names such as AT&T, Verizon, and T-Mobile, revealed that it was the victim of a five-year-long cybersecurity breach.

The company notes on its website that it processes more than 740 text messages a year and has direct connections to over 300 mobile carriers. As an exchange network, they also carry sensitive data such as call records, data usage records and more.

The notification of this breach was buried in an SEC filing that it released at the end of September. The company notes in the filing, “Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers.

Syniverse also notes, “Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity.

The above sounds great for the purposes of an SEC filing, however, what if business disruption was not the goal of the hackers in question? If you can imagine, a breach of that magnitude and length is not an easy type of thing to pull off. Based off of those facts alone, signs would point to a nation state threat actor is at play here. Five years of call metadata, text message records and more sounds like a treasure trove for mass surveillance and spy operations if I ever heard one.

3. Twitch Confirms Massive Breach, Company Data on 4Chan

Twitch, the online community for gamers, creators and others confirms that it has been breached and the subsequent massive data leak is indeed Twitch’s. At any given moment, Twitch plays host to 2.5 million streamers. Twitch notes in a statement, “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.

Twitch Confirms Massive Breach

The Twitch data breach has resulted in the leak of the following data that our team at Echelon has independently confirmed to be true: details on creator payouts; source code for mobile, desktop and video game console Twitch clients; code related to proprietary SDKs and other internal services; and internal security tools. More details on what exactly was leaked can be found on Video Games Chronicle, as they posted further research into some of the data leaked.

Further details around the configuration error and the technical details that led to the breach do not appear to be publicly available at the moment.

Sign Up for Weekly Cyber Intelligence Delivered to Your Inbox

Are you ready to get started?