When is an “attack” not an attack? We took a call recently from a panicked client whose website had gone down due to a distributed denial-of-service (DDoS) attack. When Jake, our lead projects engineer jumped in to help, he found some unusual evidence left behind: the attack didn’t come from any typical cybercriminal—it was coming from Meta AI (you know Facebook and Instagram? that Meta). Yes, that’s as strange as it sounds, and that’s why we decided to write this post about it.
What is a DDoS attack?
Ordinarily, DDoS attacks are carried out when an attacker wants to disrupt normal traffic through a website or server, in order to take down a website, service, or network. Basically, it acts like a traffic jam that floods that service with activity, so that the legitimate traffic can’t get through. If this disruption gets bad enough, it can take down web services or entire segments of major infrastructure online.
What happened?
One of Jake’s recent clients, who we’ll call Betty, is the new IT director at a fairly large public organization in Michigan. Betty’s company hosts many archives that are accessible to the public through their website. On a Friday afternoon (typical, right?), just as most of Betty’s team was getting ready to leave, a DDoS attack hit, taking down their website and a few internal services with it. Although Betty has plenty of experience in IT, she’s new to this company and their systems, so when she saw something unusual was going on she knew she needed an extra hand.
Betty called Jake with Newmind, who was able to identify the source of the issue in about 15 minutes. The evidence came in the form of the search phrases he found requested from their servers—they all followed a similar pattern of complex phrases resembling AI phrasing, and they all came in at a speed impossible for a single human submitting a few searches in a row. The source of all these unusual searches? Meta.
Why would they be flooding Betty’s organization with AI requests, though? Jake believes that Meta’s intelligence model was aggressively scraping the web for publicly available information for their dataset, and a combination of bad luck and their wealth of data made Betty an easy target.
Jake took another hour to roll out a solution to the problem. He moved the company’s DNS records to Cloudflare, which automatically blocks bots attempting to access their database. Then he put specific blocks in place for any Autonomous System Numbers (ASN) associated with Facebook and Meta, to prevent new requests from coming through. After about an hour, all of the blocks were in place and tested, and Betty’s company was back online.
Are AI Services a threat to your business?
We don’t mean to sound alarmist, but this incident does represent a new type of threat, of companies scraping data for AI model training without developing a relationship with the host of that content. It’s reasonable to say this same type of attack could take down many types of organizations similar to Betty’s. They didn’t actively agree to engagement from Meta for this to happen.
Institutions that house large amounts of publicly accessible data, like universities, libraries, and research organizations, all seem like prime targets for this type of AI-driven data scraping. As AI models continue to grow and draw resources from the world around them, it seems reasonable to expect this to become a common occurrence until some form of regulation is introduced to prevent it.
How can you prevent an attack like this?
The best way to prepare yourself for a similar incident is to know how to access your company’s DNS records, and have a plan in place to move them or modify them in the event of an attack.
Your DNS records act as instructions for how internet services and email are allowed to interact with the data on your servers, and they’re hosted by your domain registrar (whom you purchased your web domain from).
If you’re unsure about the safety of your company’s domain, or want to verify that you’re protected from similar incidents, we’re happy to lend our expertise. Give us a call and we can help give you peace of mind.