Iranian hacker attack: What will it cost Twitter?
Hacker attacks cost public companies $1.6 million in lost share value. For Twitter, it's the firm's reputation that's at risk.
Thursday night's cyber attack against the Twitter microblogging service was no routine assault to bring down a website. It was a sophisticated online blitz –perhaps part of an online Iranian cybercampaign – that could prove costly for social media networks.
Unfortunately, such attacks are expected to escalate around the globe.
"There is an arms race in cyberspace occurring today," writes Ron Deibert, a cyberwarfare researcher at the University of Toronto, in an e-mail. "The United States, Russia, and China all have adopted operational doctrines in cyberspace that include computer network attacks such as these. In such a climate of intense militarization, I believe attacks such as these are going to become more common. Services and platforms like Twitter, Youtube, and Facebook will be regularly targeted for filtering, denial of service attack, defacement, and targeted espionage – as they have already with increasing frequency from China to Iran to Russia and Pakistan."
Most computer attacks are relatively straightforward denial-of-service attacks, where computers overwhelm a website with data to bring it down. Thursday night's attack against Twitter was more serious because the hackers gained access to part of Twitter's network and were able to redirect users to a page with a photo of a flag with Farsi script. Near the top of the page ran a bold red headline in English: "This site has been hacked by Iranian Cyber Army."
Hackers for several days have attacked the websites of opponents of Iran's regime and posted the same image. The opponents have used social-media sites like Twitter to organize street protests this year. (For a look at the breadth of those cyberattacks, click here.)
But hacking a site as large as Twitter is an embarrassing setback for the fast-growing social-media network.
"Attacks are very damaging to a social-network company like Twitter because they cripple its main function, the exchange of messages among members, its reputation, and its future profitability," writes Nicholas Economides, an economics professor at New York University's business school. And "the ability of hackers to get inside the company's computers is alarming and it raises privacy concerns for its members."
If Twitter were a large public company, news of a security breach would bring down its market value by an average 2.1 percent – or about $1.65 billion within two days, calculates Huseyin Cavusoglu, an information-systems professor at the University of Texas at Dallas. Since Twitter isn't yet public, the main risk is damage to its reputation.
"Attacks like this can definitely raise concerns about the security of Twitter, which in turn, can reduce the prospects for a successful IPO," Professor Cavusoglu writes in an e-mail. "This is more of a concern for Twitter because it suffered from similar service outages and interruptions in the past."
It's not clear that the attack was officially launched by Iran's government. Professor Deibert notes "a disturbing pattern of 'privateering' occurring in cyber conflicts today, whereby authorities contract out or otherwise encourage acts of 'patriotic' hacking. There is a potential in such encouragement for escalation to occur – a kind of cyclone in cyberspace – whereby bystanders and outsiders are drawn into the conflict and take it in unexpected directions."
For Web-based networks based on trust and friending, this is a chill wind in cyberspace.