Despite a weekend onslaught of spam attacks on federated social networks like Mastodon, allegedly coordinated through Discord, the communication platform has yet to take any action against the server facilitating the assaults.
(Photo : MARTIN BUREAU/AFP via Getty Images)
This illustration picture taken on May 27, 2020 in Paris shows the logo of the social network application Discord on the screen of a phone.
Accusing Discord
Organized and executed using Discord applications, the attacks have left Mastodon community leaders frustrated as their attempts to engage with Discord officials have gone unanswered.
According to Emelia Smith, a software engineer specializing in trust and safety matters within the fediverse, the attacks were orchestrated through Discord and utilized bots seamlessly integrated with the platform.
This integration allowed users to conduct the attacks directly from Discord without the need to establish separate servers. Despite her efforts to reach out to Discord through official channels on February 17, she has only received generic form responses.
Smith highlighted a deficiency in Discord's reporting system, noting that while there are mechanisms to report individual users or messages, there is no clear avenue to report entire servers.
Smith highlighted the significant financial toll these attacks have taken on server administrators of Mastodon, Misskey, and other platforms, often amounting to hundreds or thousands of dollars in infrastructure expenses, along with widespread service disruption.
Discord's Response
The common thread linking these incidents appears to be a specific Discord server. In response to inquiries from TechCrunch, a spokesperson for Discord reiterated the platform's stance on prohibiting abuse outlined in its Terms of Service, including spam and unsolicited bulk messaging.
While Discord claims to be actively monitoring the situation, the server implicated in the spam attacks remains operational.
Eugen Rochko, founder and CEO of Mastodon, acknowledged in a statement that combating these attacks presents unique challenges, particularly as they target smaller servers with limited moderation capabilities.
Many of these servers allow open registration, facilitating the rapid creation of new accounts for spamming purposes. As Smith points out, the cumulative impact of these spam attacks extends beyond service disruption, often resulting in unexpected financial burdens for server administrators.
Smith characterized the behavior as akin to schoolyard bullying, suggesting that the attackers were motivated by a desire to showcase their technological prowess rather than animosity towards the targeted social networks. She noted that these individuals possess advanced technological skills but may lack emotional and psychological maturity.
Also Read: Meta, TikTok, Big Tech CEOs, Set to Defend Social Media Safety for Kids
Cybersecurity expert Kevin Beaumont drew parallels to a significant incident in 2016, where three college students created a botnet primarily to profit from Minecraft. However, the botnet's unintended consequences caused widespread internet disruptions, affecting major platforms like Reddit and Spotify.
Beaumont shared his experience addressing the 2016 incident, highlighting that despite initial speculation about state-sponsored cyberattacks, the perpetrators were ultimately revealed to be highly skilled adolescents, earning them the nickname "Advanced Persistent Teenagers."
Due to its decentralized nature, Mastodon's team faces limitations in addressing moderation concerns on servers they do not manage, posing a vulnerability within the fediverse. However, on servers under active maintenance and moderation, Mastodon provides tools such as CAPTCHAs to deter automated account registrations.
While Mastodon's nonprofit, open-source approach empowers users with greater control over their social media interactions, it also imposes constraints on the company's capacity to expand its development team. The majority of the social network relies on volunteers, including individuals like Smith.
Related Article: FBI Arrests 21-Year-Old IT Specialist for Allegedly Leaking Pentagon Documents Online
