Over the weekend, hackers targeted federated social networks like Mastodon with ongoing spam attacks that were organized on Discord and conducted using Discord applications. But Discord has yet to remove the server where the attacks are facilitated, and Mastodon community leaders have been unable to reach anyone at the company.
Key Takeaway
Discord’s failure to take action against the server coordinating costly Mastodon spam attacks raises concerns about platform abuse and the impact on smaller federated social networks.
Spam Attacks Coordinated Through Discord
Emelia Smith, a software engineer working on trust and safety issues in the fediverse, revealed that the attacks were coordinated through Discord and the software was distributed through the platform. Bots integrated directly with Discord, allowing users to carry out the attack without the need to set up separate servers. Despite attempts to contact Discord through official channels, Smith has only received form responses and highlighted the lack of a clear way to report whole servers.
Discord’s Response and Impact on Mastodon
Discord’s Terms of Service prohibit platform abuse, including spam and sending unsolicited bulk messages. However, the server responsible for the spam attacks remains online, causing significant financial and operational impact on server admins of Mastodon and other platforms. Mastodon founder and CEO Eugen Rochko noted the challenges in moderating these attacks, particularly as they target smaller servers with fewer moderation tools and open registration.
Teenage Conflict Sparks Automated Attack
Reports indicate that the fully automated attack was sparked by a conflict between teenagers on two different Japanese language Discord servers. Emelia Smith described the behavior as akin to “schoolyard bullies,” suggesting that the attack was driven by a desire to showcase technological capabilities rather than ill will towards the social networks.
Challenges for Decentralized Social Media
As a decentralized social media network, Mastodon’s team faces limitations in intervening in moderation issues on servers they don’t own. The incident highlights vulnerabilities in the fediverse, with Mastodon’s nonprofit, open source model posing challenges in hiring more developers and addressing moderation issues.