View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data Centre
August 6, 2009

Updated: Twitter falls over in DoS attack

Facebook, Google also hit

By CBR Staff Writer

Twitter has become the target of a denial of service attack, and the popular micro-blogging service temporarily went offline on Thursday.

“We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate,” read a notice posted to theTwitter web site. 

The service has been hit by a series of security glitches of late. Notably, the accounts of several well-known Twitter users were hacked or compromised in January, and then again in May and June. 

Last month Sophos warned that Web 2.0 companies like Twitter are concentrating on growing their customer bases at the expense of properly protecting users from internet threats, after the company reported a quarter of organisations have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.

Earlier this week security software house F-Secure revealed that Twitter had begun to take security a little more seriously and was starting to block links to malicious sites when users try to post them.

Twitter returned to action on Thursday evening (UK time). Although service was still patchy for some users as the servers to time to fully recover.

Reports later emerged that Facebook, blogging service LiveJournal and Google had also been the victim of DoS attacks, although the search giant claims it was able to fend off any disruption to its service.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“Over the last few hours, Twitter has been working closely with other companies and services affected by what appears to be a single, massively coordinated attack. As to the motivation behind this event, we prefer not to speculate,” said Twitter founder Biz Stone on the company’s blog.

However, it has been claimed that the attacks were targeted at an anti-Russian blogger known as Cyxymu. Facebook’s Chief Security Officer Max Kelly claimed that the DoS attack was an attempt to silence the blogger in the run up to the anniversary of the Georgian invasion of South Ossetia, which instigated the Russia-Georgia was last August.

Cyxymu, who is from Tbilisi, Georgia, has accounts on Twitter, Facebook, LiveJournal as well as Blogger and YouTube, both owned by Google. “This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble, forcing us to ask serious questions about the site’s fragility,” Graham Cluley from security firm Sophos said on his blog.

According to reports, spasm emails were sent out containing links to Cyxymu’s various social networking sites. Users clicking on the links contributed to the DoS attacks. However, this theory is unlikely, according to Cluley, who said that most people would correctly believe the emails were spam and ignore them.

“I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn’t responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet,” Cluley said.

Denial of Service attacks occur when a huge number of compromised PCs send requests to a specific site. The site’s servers fail to keep up with the requests and the site falls over. “It’s a bit like 15 fat men trying to get through a revolving door at the same time – nothing can move,” said Cluley.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.