Twitter crippled by denial-of-service attack

Oh, snap! I'm not even getting a fail whale!

Twitter was inaccessible for several hours on Thursday morning, followed by a period of slowness and sporadic time-outs (and more outright downtime). The company is blaming an "ongoing" denial-of-service attack but has not said anything further. Facebook has also confirmed that it was targeted by a DoS attack that rendered some of its features slow or non-functional.

Judging by the timeline of my TweetDeck client, it looks like the problems started right around 6 a.m. PDT.

"We are determining the cause and will provide an update shortly," Twitter's staff posted at 6:43 a.m. PDT on the service's status blog.

Then, around 7:49 a.m. PT, the company posted, "We are defending against a denial-of-service attack and will update status again shortly."

Around 8:15 a.m., the status blog post was updated with "The site is back up, but we are continuing to defend against and recover from this attack." (I still was unable to access Twitter.)

Perfomance monitoring firm AlertSite says that Twitter's home page went down at 6:05 a.m. PT and was showing 40 percent availability at 8:04 a.m. PT, but that timeouts were continuing from most of its monitoring locations at 8:30 a.m.

Way back when, Twitter outages were so commonplace that it was worth reporting when it didn't crash--as when it stayed afloat during the entire South by Southwest Interactive Festival in 2008. Now, a few million dollars of venture capital later, the service is far more stable.

Twitter wants to establish itself as a communications standard rather than just a social-media brand. It's been a crucial platform for information exchange in the face of global events where more traditional means of broadcasting have been inaccessible or blocked.

Problems at Facebook, too
Some features of Facebook were also experiencing uptime issues on Thursday--one reader speculated that log-in servers may have been down--which raises the issue of whether a hosting company problem is to blame. Alternately, a denial-of-service attack could have been targeting both high-profile companies.

Facebook responded later in the morning on Thursday with a statement. "Earlier this morning, we encountered issues within our network that resulted in a short period of degraded site experience for some visitors," the statement read. "No user data was at risk and the matter is now resolved for the majority of users. We're monitoring the situation to ensure that users continue to have the fast and reliable experience they've come to expect from Facebook."

About an hour later, the company revised the statement to confirm that a denial of service attack was involved. "Earlier this morning, Facebook encountered network issues related to an apparent distributed denial of service attack, that resulted in degraded service for some users," the updated statement read. "No user data was at risk and we have restored full access to the site for most users. We're continuing to monitor the situation to ensure that users have the fast and reliable experience they've come to expect from Facebook."

But the Facebook outages were not on the same scale as Twitter's by any means, said Ben Rushlo, a senior consulting manager at performance firm Keynote. "There's been a few slow data points but you couldn't even put them in the same sort of stratosphere of comparison," Rushlo told CNET News.

Publishing site LiveJournal also appears to have been affected by attacks on Thursday.

Botnets, bot herders, and DDoS attacks
DDoS (distributed denial-of-service) attacks typically come from a collection of compromised computers called a botnet, said Graham Cluley, a senior technology consultant at Internet security firm Sophos. The botnet computers can inundate a Web site's servers with communication requests, legitimate or malformed to cause extra trouble.

Botnet-based DDoS attacks are difficult to deal with because it can be hard to distinguish legitimate communications from those that are part of the attack. And just blocking access from the IP addresses of offending computers poses complications: "You don't want to block legitimate users. The computers probably sending (the DDoS) traffic to Twitter belong to legitimate people," Cluley said.

Watch CBS Videos Online

DDoS attacks can be motivated by people seeking ransom money or seeking to make a political statement, but Cluley suspected that's not the case in this particular attack. "My guess is this is most likely some kid in a back bedroom who has access to a large botnet and is showing off to his friends what he can do," Cluley said.

Twitter is unusual in that much of its use comes not through its Web site but through an application programming interface (API) that lets software such as TweetDeck interact with the service. API access also suffered during the outage.

"Often there is collateral damage" during a denial-of-service attack, Cluley said. "Other servers can begin to fall over."

There have been a notable number of DoS attacks recently in the social-media space: On Wednesday, URL shortener Trim claims that one such attack rendered its truncated URLs inaccessible for some time; earlier in the week, blog network Gawker Media was downed by an attack that targeted The Consumerist, a property that it recently sold but still hosts on its servers.

Denial-of-service attacks are actually waning these days as bot herders rent their botnets to those who want to use them to send spam or host malicious software that can be used to compromise other computers, said John Harrison, group product manager of security response at security software company Symantec.

"Organized crime and other groups have gone off to other things. It's more lucrative for them to use the Internet, not to take the Internet away," Harrison said. Using a botnet in a denial-of-service attack can reveal computers to be part of a botnet, for example when an administrator notices high network traffic from a compromised machine, so keeping a low profile can save the botnet for use another day.

To keep a PC from becoming part of a botnet, Harrison recommended keeping the operating system, browser, browser plug-ins such as Adobe Systems Flash and Reader, and other software up to date, and naturally to install antivirus software. "All it takes is one vulnerability to potentially have malware installed," he said.

A massive series of DoS attacks hit the Web a decade ago, long before either Facebook or Twitter was remotely close to existence. They hit the likes of CNN.com, Amazon, E*Trade, eBay, and Buy.com, and were such a serious problem that the FBI held a series of press conferences to address concerns.

There has been no indication that a single party, or groups of hackers in tandem, was responsible for the Facebook and Twitter attacks, or whether there was any connection to the other DoS attacks on smaller sites earlier this week. But it's probably not a coincidence that they all happen to coincide with the annual Defcon hacker convention.

One security expert thinks he may have found a connection. "Today's outage is happening at the same time a new version of the Koobface malware has been found in the wild that is using both Twitter and Facebook messages to send invitations that are designed to lure potential victims to fake AV web pages," an e-mailed statement from Paul Henry, a security analyst at the firm Lumension, explained. "The speculation is that the onslaught of bogus messages that are directing users to malicious pages may in fact be overwhelming Twitter."

More to come when we hear it. Last updated at 12:10 p.m. PT.

CNET News' Stephen Shankland contributed to this report.

[HammerIntoAnvil]

I'm not 100% sure, but Livejournal seems to be having similar problems and Facebook is acting strangely as well - displaying "Not connected to network" messages when you try and submit forms. Some kind of DOS attack? :S

Definitely appears to be something happening on a much larger scale. Gonna be an interesting day for those of us who work on the web.

[wfseube]

Interesting. I thought it was just me. Both FB and Twitter down here (mostly), too.

[neenski]

Yup, LJ down here too. Am curious if other sites have picked up on this, too... at least this way, no one can 'tweet' about it, eh? *grins*

[F_L_H]

The LJ status page says "LiveJournal may be unresponsive or slow to load due to some database problems we're experiencing. Our Operations staff is working to resolve the problem as quickly as possible."

[HammerIntoAnvil]

@FLH

Yeah, it seems to be working again now. Possibly just a coincidence?

[FreddieT]

The latest update here says it's a DoS attack. Does it mean Facebook, LiveJournal and Twitter are all under attack? Jeez.

[MattRinPS]

Hmm.. Facebook, Twitter under attack.. myspace appears to be unscathed... Smart money is on Newscorp / Rupert Murdoch as the probable "enemy" here.

[ca5ter]

ahahaha...

[badasscat]

LJ just announced that they were also part of the DoS attack on the lj_maintenance community.

[Fil0403]

Yep, seems so.

[LANjackal]

FriendFeed's still up :P

[longklaw]

When CNN starts reporting Twitter outages, that'll be the day.

Facebook was acting weird for me earlier as well.

[bblande]

Here you go, longklaw: http://www.cnn.com/2009/TECH/08/06/twitter.attack/index.html

:)

[jaguar717]

Who cares about the dinosaur media's priorities?

Maybe if Drudge Report starts to care it'll be noteworthy.

[longklaw]

Oh no! It's all over the news!

[MickRoberts]

Still down at 10:05am EST. Massive continual upgrades fail to keep Twitter going as promised. Insufficient infrastructure, poor expansion planning and probably some mis-allocations of $50+million in investment capital all contributing to more and more frequent downs. Question is: Will these downs result in a stronger Twitter in the future - or no Twitter at all? Twitter is an awesome app, hope they can fix it soon.

[MickRoberts]

Still down at 10:05am EST. Massive continual upgrades fail to keep Twitter going as promised. Insufficient infrastructure, poor expansion planning and probably some mis-allocations of $50+million in investment capital all contributing to more and more frequent downs. Question is: Will these downs result in a stronger Twitter in the future - or no Twitter at all? Twitter is an awesome app, hope they can fix it soon.

[thechrisroberts]

This looks too much like some sort of ddos to me. Facebook is having major trouble, Twitter is unavailable, some other social networking places are having issues... This is not an issue with the Twitter infrastructure, this is hacker activity against several sites.

[F_L_H]

Agreed. Facebook has been wonky all AM and, from here, appears to be completely down now. A DDOS seems likely.

[chrisdesouza]

A good percentage of Twitter bandwidth is wasted into nothingness. Who reads all those missed Tweets. There has to be a better way. It's like that sidewalk preacher on a busy New York street. He hears his own voice and thinks people are listening. Some do. most don't.

[YankeePoodle]

You are focusing too much on the "not" working part. Twitter does wonders when you are in the right group and have right questions. ideas or things to say..

[gggg sssss]

wonders??? you have got to be kidding. Shouldnt you be at work or something?

[bithaze]

Add another one having trouble with both Twitter and Facebook this morning. I'm trying to change my Facebook account's e-mail address and Facebook claims it's invalid. On the Twitter side, I'm not sure how it was sent or received, but one update at 9:49 am via Tweetie showed up in TweetDeck.

[cb3431]

The world is still spinning and Twitter is down. How can that be?

[Thoneh]

Facebook very slow, also getting messages like this: HTTP Error
Transport error (#12152) while retrieving data from endpoint `/ajax/friend_guess.php': Unknown HTTP error #12152

Twitter completely dead.

[F_L_H]

On the Twitter staus page:

Ongoing denial-of-service attack
We are defending against a denial-of-service attack, and will update status again shortly.

[gtiman07]

Twitter - status update " Ongoing denial-of-service attack" 2 minutes ago
We are defending against a denial-of-service attack, and will update status again shortly.

[Andreas_NORWAY]

What's going on? Twitter is down and Facebook is as good as down as well...

Any news coverage on this?

[Joshua Kwoon]

yay twitter is back up here.

[leonpaternoster]

According to Twitter it's back up.

Praise the Lord!

http://status.twitter.com/post/157191978/ongoing-denial-of-service-attack

[gggg sssss]

Praise the lord? wft?

[seroquel13]

I was having problems with the LA Times website as well. I would log on, go to a section of the site, and had to keep logging back on, repeatedly. When I sent them an email, it was returned as not deliverable.
This would be a logical answer to that problem.

[zcold]

right, blame defcon, im sure that the up and coming defcon is the reason for these attacks...

i wonder if this would be 4chan doing?

[galacticgufus]

don't you mean 'ebaum's world's doing'?

[MattRinPS]

9:00 a.m. PST - Facebook/Twitter both still down/sputtering along.

[PCUser2008]

Well i thought it was my safari browser but IE 8 is even worse but my API app still lets me post tweets and it is still way down at 9:09 PST.