Attack of the zombie army

Yesterday, at around 14:00 GMT the productivity of office workers across Europe, Africa and the Middle East shot up. Monthly reports were finished, urgent e-mails were sent and the consumption of tea rose sharply. The cause? Facebook was effectively unavailable for several hours.

But what unnatural disaster could have robbed us of our God-given right to super-poke our friends and stalk our ex-boyfriends during office hours? It was - wait for it - a co-ordinated attack by a zombie army.

No, I'm not kidding. Yesterday thousands of normally friendly computers - purring happily in offices and studies around the world - turned suddenly bloodthirsty and simultaneously hurled themselves at Facebook and a number of other sites, battering them again and again until they ground to a halt.

The technical term for this is a distributed denial of service attack (or DDoS). Patient hackers spend months infecting computers with tiny invisible programs called "worms" and "Trojans". Normally these are unwittingly downloaded by the terminally gullible who open, with a trembling mouse finger, every e-mail titled "Congradulation!!! You have won $10,0 million in the Arkansas lottery!!!"

Then, when the time is ripe, the hackers activate their worms and Trojans, taking control of the computers and forcing them to attack sites or services. In geek-speak this army of computers is called a "botnet", but would you still be reading this if I'd titled it "Attack of the botnet army"?

In principle a DDoS attack is quite similar to a run on a bank. No bank keeps anywhere enough cash on hand to pay out all its customers at once, mainly because the chances of that ever happening are so slim. If it does happen the bank is forced to close its doors or face collapse.

The same is true of sites like Facebook. They may have a quarter of a billion users around the globe (if they were a country they would be fourth biggest by population), but only a fraction of those users are ever on the site at any one time. Thousands of extra computers making thousands of requests a second pushed them over the edge, causing intermittent outages around the world.

And Facebook actually fared quite well by comparison with Twitter, the micro-blogging zeitgeist, who dropped like a stone and remained down for over two hours. Blogging platform Livejournal was also down, and Google reported they were attacked, but shrugged off the flood with characteristic ease.

As complex as all this sounds it's actually shockingly easy to accomplish given a certain level of computer literacy, plenty of free time and a cavalier disregard for authority. A DDOS attack is all brawn and no brains - a victory by blunt force trauma and congestion - and they normally accomplish nothing more than vandalism.

Techcrunch editor Michael Arrington put it succinctly: "Facebook and Twitter are working together to figure out exactly which 15 year olds are responsible for organising the attack."

So what can we do to stop this happening in future? After all next time it could be your bank that gets attacked or, as happened in October 2002, the vital plumbing of the internet itself.

First, and most importantly, get your computer some decent anti-virus and anti-spyware software. Second, stop opening those idiotic e-mails. You haven't won the money. You probably aren't even sure where Arkansas is.

Because as much as we'd like to blame the computers, it's human laziness and ignorance that's to blame, once again. And teenagers. Bloody kids.

- Alistair is Social Media Manager at 20FourLabs.

Send your comments to Alistair

Disclaimer: News24 encourages freedom of speech and the expression of diverse views. The views of columnists published on News24 are therefore their own and do not necessarily represent the views of News24.

- News24