Twitter Brought Down by Denial-of-Service Attack

Updated: Wow…apparently Twitter has been down for nearly two hours this morning. I was wondering why my Tweetdeck had gone silent for so long. I guess not many people were tweeting. Apparently there is a big denial-of-service attack on Twitter. On the company blog, Twitter co-founder Biz Stone says the company is trying hard to defend against this attack. According to web site traffic monitoring service, AlertSite, “The Twitter home page became unavailable at 9:05 a.m. ESDT and has remained unavailable through the latest reported measurement at 10:55 a.m. ESDT.” AlertSite saw no increases in response times leading up to the outage. My Tweetdeck desktop client is getting sporadic updates, but I can’t access the Twitter web site (which I use with awesome PowerTwitter) for now. Scratch that — as of 8:15 am PSDT, the Twitter web site is working for me. At 10.50 am PSDT, the website is still down for me. Some of the Twitter clients are not working either. tiwtterdown

Interesting post from CTO of Authentium, Ray Dickenson where he blames botnets for all the problems being faced by Twitter today.

It may be coincidental, but we saw a large increase yesterday in our virus-collection network. We received 200 times the normal average of emails with malicious attachments. One node, for example, went from 10 items to 2000 in a day. These were phony emails telling random recipients that a UPS parcel could not be delivered and asking the reader to “print out the attached invoice”. The attachment was not an invoice, it was a trojan.

Facebook was hit as well. From the company:

Earlier this morning, Facebook encountered network issues related to an apparent distributed denial of service attack, that resulted in degraded service for some users. No user data was at risk and we have restored full access to the site for most users. We’re continuing to monitor the situation to ensure that users have the fast and reliable experience they’ve come to expect from Facebook.

Update: Ken Godskind, chief strategy officer at AlertSite, gave us more information this afternoon, notably that Twitter had fully recovered by 2 p.m. EDT. And as far as he could tell, the effect of the attack on Facebook was much less severe than it was on Twitter. Facebook was available 97 percent of the time between 9 a.m. EDT and 10 a.m. EDT and 100 percent available the rest of the time, indicating, according to Godskind, that it was “better prepared or better at reacting to a DoS.”

Update#2: An attack on a pro-Georgian blogger is reportedly behind the sitewide outage on Twitter, Facebook, Live Journal and other sites yesterday, which happened to fall on the anniversary of the Russian-Georgian conflict. Facebook’s chief security officer Max Kelly told CNET that the attack was directed at a blogger named “Cyxymu,” who had accounts on all the sites affected yesterday. The blogger, a 34 year-old economics lecturer, told the Guardian that he believes the attack was an attempt by the Russian government to silence his criticism over Russia’s conduct during the war over the heavily disputed South Ossentia region. Though Twitter is back up and running, applications built on the Twitter platform are still recovering yesterday’s attack, Twitter co-founder Biz Stone wrote on the company’s blog today. Some of the apps affected include Hootsuite, Tweetdeck and CoTweet.