Monday, January 9, 2012

Worst Internet disasters of the decade

Now that this decade is coming to an end, we thought it would be a good time to list the very worst Internet disasters that happened between 2000 and 2009. And believe us, there have been some really big ones. Some you may remember, and some may be new to you, but they all affected a huge number of Internet users.

We focused on Internet service disruptions that lasted a significant amount of time and affected many people. Other criteria were that the incident shouldn’t be about any one single service or website and that it should be technical in nature (i.e. the dot-com bubble bursting in 2000 doesn’t count).

We have arranged the incidents in chronological order, oldest first.

DDoS attacks cripple web heavyweights

February 2000

A series of DDoS attacks crippled or disabled large websites like Yahoo, CNN, Amazon, eBay, Buy.com, ZDNet, and online trading sites like E*Trade and Datek. The attacks were spread out over days and attacked different sites, but were thought to be connected.
As an example of the scale of the attacks, Buy.com was hit with eight times more traffic than its maximum capacity.

The Code Red worm attacks web servers

July 2001

Code Red was a computer worm that spread itself via a security hole in the Microsoft IIS web server, even though a security patch had been out for months.

The infected websites were defaced by the worm, showing the following message:

HELLO! Welcome to http://www.worm.com! Hacked By Chinese!

At its peak, on July 19, 2001, as many as 359,000 web servers were infected with Code Red.

After the defacement, Code Red also had a second payload that activated itself after 20-27 days, when it launched DoS attacks on a set of pre-determined IP addresses. One of the sites the attacks targeted was the White House web server.

The SQL Slammer worm wreaks Internet havoc

January 2003

SQL Slammer was a computer worm that spread itself rapidly via a security hole in Microsoft SQL Server. A security patch had been available for six months, but many had not installed it. At least 22,000 systems were infected, possibly many more.

The entire worm was only 376 bytes, and spread itself by sending off a single UDP packet which could hold the entire code, making its distribution highly effective. It has been estimated that the number of infected computers initially doubled every 8.5 seconds (exponential growth) and that 90% of all computers with the vulnerability had been infected within 10 minutes.

The rapid spread and broadcasting of the worm effectively acted as a DDoS attack on the entire Internet. It overloaded routers all over the Internet, many of which crashed. The resulting series of routing changes and router restarts caused a flood of communication between routers, which made ordinary Internet traffic either slow down or just stop.

Turkish ISP hijacks the Internet

December 24, 2004

A Turkish ISP (TT Net) made a mistake when configuring its routers, effectively announcing to the rest of the Internet that everything should be routed to them. Routers talk to each other and propagate this kind of information, so the configuration error spread and resulted in tens of thousands of networks on the Internet sending traffic to the wrong destination or not getting the traffic they were supposed to.

The result was that a lot of websites were unreachable for a large portion of the Internet population. This “traffic hijacking” to Turkey lasted for hours, and would most likely have been considerably more noticeable if it hadn’t happened on Christmas Eve.
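One check a neighbouring network can apply to announcements like these, as an added example that is not part of the original post: origin validation in the style of RFC 6811 combined with a per-peer prefix limit. The ROA table, AS numbers and prefixes are constructed from documentation ranges, and the example assumes the mis-announced routes carry the announcing network's own AS as origin.

```python
import ipaddress
from collections import Counter

# Constructed ROA table: (authorized prefix, max length, authorized origin AS).
# Prefixes and AS numbers come from documentation ranges (RFC 5737, RFC 5398).
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("203.0.113.0/24", 24, 64498),
]

# Constructed announcements from one peer, hypothetical AS 64500, as (prefix, origin AS).
LEAK = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64500),
    ("203.0.113.0/24", 64500),
    ("192.0.2.128/25", 64496),   # right origin, but more specific than allowed
    ("2001:db8::/32", 64500),    # no ROA covers this prefix
]

def validate(prefix, origin_as, roas=ROAS):
    """Origin validation per RFC 6811: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version == roa_net.version and route.subnet_of(roa_net):
            covered = True
            if route.prefixlen <= max_len and origin_as == roa_as:
                return "valid"
    return "invalid" if covered else "not-found"

def audit_peer(announcements, max_prefixes):
    """Classify a peer's announcements and apply a per-session prefix limit."""
    states = [(p, asn, validate(p, asn)) for p, asn in announcements]
    return {
        "counts": dict(Counter(state for _, _, state in states)),
        "rejected": [(p, asn) for p, asn, state in states if state == "invalid"],
        "over_limit": len(announcements) > max_prefixes,
    }

if __name__ == "__main__":
    print(audit_peer(LEAK, max_prefixes=2))
```

Routes classified as invalid would be dropped, and a peer that exceeds its prefix limit would have its session shut down before the routes propagate further.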

Earthquake breaks Asian Internet

December 26, 2006

A massive earthquake with an epicenter off the coast of Taiwan broke a large number of important submarine communications cables. Internet traffic to and from China, Taiwan, Hong Kong, the Philippines, Malaysia, Singapore and many other places was severely affected by the incident, especially traffic to the US.

As with most undersea cable breaks, repairs were complicated and took a long time to complete. Full service wasn’t restored until over a month later.

Big sites go dark as San Francisco datacenter loses power

July 24, 2007

When 365 Main’s datacenter in San Francisco lost power, it effectively took down a number of big websites and services like Craigslist, Typepad, LiveJournal, Yelp, Second Life, Technorati and Adbrite. All of them were hosted at this supposedly super-reliable co-location facility. The incident was made worse because several of the backup power generators failed to start. Although power was restored after about 45 minutes, it took hours before all the websites were back up and running.

Ironically, this incident happened the same day that 365 Main sent out a press release announcing that its San Francisco facility had had two years straight of 100% uptime.

Data center problems are fairly common, but this one had a huge impact since so many big sites were affected.

The Mediterranean submarine cable break

January-February 2008

This was actually three separate incidents, but they happened so closely together that the effect was enormous (and launched a number of conspiracy theories). Between January 23 and February 4, 2008, a total of five submarine data communications cables in the Mediterranean off Egypt were cut. These cables were part of the Internet backbone and the disruption severely limited Internet access to and from the Middle East and India.

Theories as to why the various cable breaks happened include damage done by ship anchors and bad weather conditions, although due to various circumstances there are some conspiracy theories about sabotage which have not been completely ruled out even by the UN (ITU).

“Honorable” mentions

While not making the list above for various reasons, there are undoubtedly some incidents from the last decade that at least deserve a mention. Here are some of the disasters that didn’t quite make the cut, but were awfully close.

Arranged in chronological order:
  • October, 2002: DDoS attack on the DNS backbone. This would definitely have made the cut, but the attack ultimately did not succeed in disabling DNS; it was more of a close call. Another attack was attempted in February, 2007.
  • August, 2003: The Northeast Blackout of 2003. The largest power outage in US history (hence the caps) of course had widespread effects on Internet access for a huge number of people in that area. Parts of Canada were also affected.
  • July, 2007: Apple’s MobileMe launch problems. The service was extremely rocky for weeks after its launch, and Steve Jobs later admitted in an internal (but leaked) email that Apple should have done more testing before launching it.
  • August 2007: The great Skype outage. Skype stopped working for almost two days for its millions of users due to a problem indirectly triggered by Windows Update. We use Skype a lot here at Pingdom, and have less-than-fond memories of this incident.
  • November, 2007: The Navisite datacenter migration. Around 175,000 websites were offline for days when a server migration between datacenters went wrong.
