Discord took no action against server that coordinated costly Mastodon spam attacks
Reading Time: 2 minutesOver the weekend, hackers targeted federated social networks like Mastodon to carry out ongoing spam attacks that were organized on Discord, and conducted using Discord applications. But Discord has yet to remove the server where the attacks are facilitated, and Mastodon community leaders have been unable to reach anyone at the company.
‘The attacks were coordinated through Discord, and the software was distributed through Discord,’ said Emelia Smith, a software engineer who regularly works on trust and safety issues in the fediverse, a network of decentralized social platforms built on the ActivityPub protocol. ‘They were using bots that integrated directly with Discord, such that a user didn’t even need to set up any servers or anything like that, because they could just run this bot directly from Discord in order to carry out the attack.’
Mastodon founder and CEO Eugen Rochko said in a post that these attacks are more difficult to moderate than past ones, because they deliberately target smaller servers, which often have fewer moderation tools in place. Some of these servers offer open registration, making it possible to quickly start new accounts and post spam. And as Smith notes, these mass spam attacks can drive up server costs, leaving admins with unexpected bills.
According to reports on Mastodon, this fully automated attack was sparked by a conflict between teenagers on two different Japanese language Discord servers.
‘They’ve got technological capabilities that are well above where they are emotionally or psychologically,’ she said.
Kevin Beaumont, a cybersecurity expert, posted on Mastodon that this incident recalls a similar, yet much larger attack from 2016, in which three college kids created a botnet to make money on Minecraft. But what they built was so powerful that it was able to take down huge swaths of the internet, including sites like Reddit and Spotify.
‘I had to do a radio show on NPR about that one and the presenter kept asking me if it was Putin — and I was like, no, it’s teenagers. Advanced Persistent Teenagers,’ Beaumont posted.
As a decentralized social media network, Mastodon’s team is unable to intervene in moderation issues on servers that they don’t own, which is a vulnerability for the fediverse. On servers that are actively maintained and moderated, Mastodon offers tools to prevent automated account registration, like CAPTCHAs.
While Mastodon’s nonprofit, open source model gives users more ownership over their social media experiences, it also limits the company’s ability to hire more developers. Most of the social network is run by volunteers, like Smith herself.
‘I would estimate that the entire fediverse is developed off of the backs of maybe, at best, 100 engineers,’ she said. ‘All of whom are either low paid, underpaid, or unpaid, who are trying to build software, and at the same time, are supporting the userbase of monthly active users in the range of 1.1 million to 7.4 million.’
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG