Discord took no action against servers that coordinated costly Mastodon spam attacks


Over the weekend, hackers targeted federated social networks such as Mastodon with ongoing spam attacks that were organized on Discord and conducted using Discord applications. But Discord has not yet taken down the server where the attacks are perpetrated, and Mastodon community leaders have been unable to contact anyone at the company.

“The attacks were coordinated through Discord, and the software was distributed through Discord,” said Amelia Smith, a software engineer who regularly works on trust and security issues in the Fediverse, a network of decentralized social platforms built on the ActivityPub protocol. “They were using bots that were directly integrated with Discord, such that the user didn’t need to set up any servers or anything like that, because they just ran this bot directly from Discord to carry out the attack. Could have.”

Smith attempted to contact Discord through official channels on February 17, but has so far only received form responses. She told TechCrunch that while Discord has mechanisms for reporting individual users or messages, it doesn’t have a clear way to report an entire server.

“We have seen server administrators from Mastodon, Misskey, and others incur hundreds or thousands of dollars in infrastructure costs and denial of service,” Smith wrote to Discord Trust & Safety in an email seen by TechCrunch. “It seems the only common link is this Discord server.”

In a statement to TechCrunch, a Discord spokesperson said, “Discord’s terms of service specifically prohibit misuse of the platform, which refers to activities that disrupt or alter the experience of Discord users, including sending spam, or unsolicited bulk messages or interactions.” Although Discord says it is monitoring the situation, the server responsible for the spam attacks remains online.

Eugen Rochko, founder and CEO of Mastodon, said in a post that these attacks are more difficult to control than previous attacks, because they deliberately target smaller servers, which often have fewer control tools. Some of these servers offer open registration, making it possible to quickly start new accounts and post spam. And as Smith notes, these massive spam attacks can drive up server costs, leaving administrators facing unexpected bills.

According to reports on Mastodon, this fully automated attack was set off by a confrontation between teenagers on two different Japanese-language Discord servers.

“It’s this kind of weird social behavior where these kids are essentially behaving like schoolchildren,” Smith told TechCrunch. She thinks that they attacked just to show that they can do it, not because they have any ill will towards these social networks.

“They have technical abilities that are far above their status emotionally or psychologically,” she said.

Cybersecurity expert Kevin Beaumont posted on Mastodon that the incident is reminiscent of a similar, yet much larger attack from 2016, in which three college kids created a botnet to make money on Minecraft. What they created was extremely powerful: it was able to take down large portions of the internet, including sites like Reddit and Spotify.

“I had to do a radio show about him on NPR and the presenter kept asking me if it was Putin – and I said, no, it’s teenagers. Advanced Persistent Adolescent,” Beaumont posted.

Because Mastodon is a decentralized social media network, its team is unable to intervene in moderation issues on servers it does not own, which is a vulnerability for the Fediverse. On servers that are actively maintained and operated, Mastodon provides tools to prevent automated account registration, such as CAPTCHA.

While Mastodon’s non-profit, open source model gives users more ownership over their social media experiences, it also limits the company’s ability to hire more developers. Most social networks are run by volunteers like Smith herself.

“I would estimate that the entire Fediverse was probably developed with the help of, at most, 100 engineers,” she said. “All of whom are either underpaid, underpaid, or unpaid, trying to build software, and at the same time, support a user base of monthly active users in the range of 1.1 million to 7.4 million.”
