Social media furore erupted earlier this month over cybersecurity allegations which, in the end, turned out to be groundless. Following a series of outages for T-Mobile customers across a number of platforms, rumours began to circulate online of a potential Chinese DDoS attack against US systems, with rampant speculation claiming that the country had been suffering its largest cyber attack in history.
The incident served to illustrate how social media can fuel unfounded speculation on subjects relating to cyber attack threats, as despite later clarification and evidence to the contrary, rumours of an attack spread widely for hours after the fact.
DDoS threats run amok on Twitter
The incident occurred after a Twitter account, which claimed affiliation with the vigilante hacking group Anonymous, asserted on June 15 that the US was in the midst of suffering a Distributed Denial of Service cyber attack potentially of Chinese origin. The account, which uses the handle @YourAnonCentral to reach over 6.5 million followers, tweeted its claims in two separate posts, each garnering tens of thousands of user engagements despite a clear lack of evidence presented.
Nevertheless, the Twitter account did acknowledge its claims concerning the origin of the cyber attack were assumptions, writing that, “We speculate it may be China as the situation between South and North Korea is currently deteriorating.”
After a social media wave followed the two tweets, security expert and Cloudflare chief executive Matthew Prince quickly pointed out that, rather than an orchestrated DDoS cyber attack, the outages that affected T-Mobile customers had come as a result of network configuration issues.
Among the services the incident had affected included FaceTime, iMessage, Google Meet, Google Duo, Zoom, Skype and others, T-Mobile later confirmed.
“There’s a lot of buzz right now about a ‘massive DDoS attack’ targeting the US, complete with scary-looking graphs,” wrote Prince. “While it makes for a good headline in these already dramatic times, it’s not accurate. The reality is far more boring.”
In spite of mounting evidence in support of Prince’s theory, the @YourAnonCentral Twitter account doubled down on its claims that the outages were linked to a DDoS attack, reportedly posting screenshots of a DDoS digital attack map belonging to the cybersecurity firm Arbor Networks.
The DDoS cyber attack theory was later debunked officially by the National Capital Region Threat Intelligence Consortium, a body linked to the US Department of Homeland Security. Urging telecommunication firms to avoid unfounded allegations, the consortium asserted in a statement to Cyberscoop that the reported outages at T-Mobile had indeed not originated from DDoS attackers. “The NTIC Cyber Center has not received any reputable information regarding any wide scale DDoS attacks impacting mobile carriers within the United States and urges members to verify sources and information before sharing via social media or other platforms,” they said.
Cyber attack, or network issue?
What was quickly debunked as a cyber attack later emerged to have been network connectivity issues. Following closely at the heels of the incident, T-Mobile President of Technology Neville Ray began providing updates to users over Twitter, announcing several hours after the incident that the issues had been solved.
In a public advisory that followed on from the incident, CEO Mike Sievert shed light on what had caused the network issues, which he conceded had “intermittently impacted customers in markets across the U.S.”
“We are recovering from this now but it may still take several more hours before customer calling and texting is fully recovered” wrote Sievert. “This is an IP traffic related issue that has created significant capacity issues in the network core throughout the day.”
“I can assure you that we have hundreds of our engineers and vendor partner staff working to resolve this issue and our team will be working through the night as needed to get the network fully operational,” added Sievert in his advisory.
All voice and data issues had been resolved by June 15, 2020 10:03 p.m. PST, according to T-Mobile.
A propensity for disproportion
The events that unfolded at T-Mobile earlier this month and the ensuing social media speculation illustrate how the perception around a cyber attack, whether or not they are verified, can easily erupt out of proportion.
“Rumors spread like wildfire on the internet, and it’s usually horror sounding stories like this that travel the fastest. Fact-checking before sharing is vital, but as it takes time, many people tend to just read a headline before sharing it, which adds fuel to the fire,” cybersecurity specialist Jake Moore told Forbes on the subject.
“Somehow, evidence in a story is now rarely required for many people who can’t wait to be the one to break the news to their contacts,” added Moore.