The Tech Herald

Twitter suffers Denial-of-Service attack - floodgates of hype open (Update 3)

by Steve Ragan - Aug 7 2009, 17:09

Update 03:

Both Facebook and Twitter are confirming the attacks yesterday were aimed at a single user. Several news sources, including the BBC, are also confirming that an anti-Russian blogger named Cyxymu was the target.

"Over the last few hours, Twitter has been working closely with other companies and services affected by what appears to be a single, massively coordinated attack. As to the motivation behind this event, we prefer not to speculate," wrote Twitter co-founder Biz Stone on the site's official blog.

"We've worked hard to achieve technical stability and we're proud of our Engineering and Operations teams. Nevertheless, today's massive, globally distributed attack was a reminder that there's still lots of work ahead."

As it turns out, Twitter, Facebook, LiveJournal, and YouTube were all hit at the same time -- and Cyxymu just happens to have profiles on each service. However, Google was the only service that suffered no real lasting damage. It was as if it didn't even notice the problem.

"Google systems prevented substantive impact to our services," the search giant said in a statement. Google also said it was aware of "a handful of non-Google sites" that were impacted by the Denial-of-Service (DoS) attack, and was working with some of them to investigate it.

Facebook's Chief Security Officer Max Kelly confirmed that Cyxymu was the target via an interview given to Elinor Mills over at CNET News.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Kelly said, adding that Facebook was still investigating the incident and attempting to locate those behind it.

"Yesterday's attack appears to be directed at an individual who has a presence on a number of sites, rather than the sites themselves," Facebook said in a statement to The Tech Herald.

"Specifically, the person is an activist blogger and a botnet was directed to request his pages at such a rate that it impacted service for other users. We've isolated the issue and almost all of our users are able to enjoy the normal Facebook experience."

Rumors are spreading with regard to the real cause of the DoS attacks. If the attacks were not random, then why and how were they pulled off?

Cyxymu's LiveJournal page is claiming a large number of e-mails were spoofed and Spammed out so they appeared to come from his GMail account. According to a translated cached version of his LiveJournal page, Cyxymu has been flooded with out-of-office replies because of the Spam run.

Facebook has stated, however, that the attack on its services was not the result of Spam. Twitter has made no mention of Spam being the cause, pointing to the blog post when asked and reminding everyone the service would "prefer not to speculate" on the matter.

The spoofed e-mails using Cyxymu's GMail address contained links to the various services where he held accounts. Each of them contained anti-Russian and very pro-Georgian themes. There are suggestions the attacks were partly due to people clicking on the links within the spoofed e-mails, sending massive amounts of traffic to the sites.

"I don't think that's likely. Most people wouldn't have bothered clicking on the link," wrote Graham Cluley of Sophos.

"However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn't responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet," he added.

We may never know why the attacks were launched, or the true methods of attack utilized. However, Cluley offered that they may be a marker designed to create a topical reminder of past aggressions between Russia and Georgia.

"Today [07-08-09] isn't just the day after Twitter disappeared for a few hours," he said. "It's also the first anniversary of Georgian troops moving into South Ossetia, an incident which led to conflict between the Russian and Georgian armies last year."

Update 02:

AVG's Roger Thompson wrote to The Tech Herald with his thoughts on the Twitter attack:

"Popular social networking sites, such as Facebook and Twitter, will always be targets to hackers or spammers and prone to attack and as such, consumers become more vulnerable and run greater risks of becoming victims of online fraud," Thompson wrote. 

"Twitter has become a poster-child for our always-connected, always-on internet culture. There may be individuals out there who object to the fragmented 140-character thought-patterns that Twitter has popularised, and this latest attack may be a reaction from those individuals."

With the eyes of the world's media all trained on Twitter, Thompson added that those behind this latest attack may be using it as a means of highlighting the vulnerability of the sites we take for granted.

"Botnet attacks have been around for a while, and are often used against government websites by protestors. There is no profit to be made from DOS and those who do carry out an attack like this will lose their botnet, showing there is no gain to be had," he said.

Update 01:

Twitter has confirmed some issues with desktop applications and others using the Twitter API:

"As we recover, users will experience some longer load times and slowness. This includes timeouts to API clients. We're working to get back to 100% as quickly as we can."

Original Article:

In what is sure to kick off a flood of news surrounding cloud-based platforms and security, popular micro-blogging site Twitter suffered a serious Denial-of-Service (DoS) attack on Thursday morning, which lasted for a solid two hours before the site was restored.

At about 10:00 or 11:00 (EST) Thursday morning, Twitter abruptly went down in flames. A status update quickly appeared explaining only that the "Site is down" and that Twitter is "determining the cause and will provide an update shortly." Not long after that initial advisory, another followed explaining that the service was defending against a Denial-of-Service attack.

At this time, there are slight gaps in service, but Twitter is back online. There are some scattered issues being reported in connection with desktop applications such as TweetDeck, but those are few and far between. The Web interface is working, but is crawling slightly, more than likely due to the recent surge of tweets rather than the actual attack.

"On this otherwise happy Thursday morning, Twitter is the target of a denial of service attack," confirmed Twitter co-founder Biz Stone via an official blog post regarding the matter.

"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users," he added.

"We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate."

Around the same time Twitter was having its operational ankles chewed, reports began circulating that social networking giant Facebook had also been knocked offline.

"Earlier this morning, we encountered issues within our network that resulted in a short period of degraded site experience for some visitors," a Facebook spokesperson told Jennifer Leggio of ZDNet (@mediaphyter).

"No user data was at risk and the matter is now resolved for the majority of users. We're monitoring the situation to ensure that users continue to have the fast and reliable experience they've come to expect from Facebook... We are investigating potential foul play at this time," the spokesperson added.

In assessing the issue, Leggio offered that Facebook suffering through an attack of its own was a possibility, but the reported service lag could also be the result of "lost Twitter users who were looking for temporary social networking salvation."

According to some reports, blogging community LiveJournal also suffered a much smaller outage, although it recovered quickly and was soon back online.

The Tech Herald will keep this story updated throughout the day. 