Twitter, Facebook and LiveJournal hit by massive denial-of-service attack

Filed Under: Denial of Service, Facebook, Social networks, Twitter

Twitter has been hit by a massive distributed denial-of-service attack making the micro-blogging service unavailable for millions of users around the world. Facebook and LiveJournal are also reported to have been affected.

Twitter first confirmed that its site was unavailable on its blog. The reason? An external denial-of-service attack.

A denial of service attack occurs when computers bombard a website with requests for information. Typically hackers can control thousands of innocent users' computers centrally and command them to visit a site that they wish to flood with traffic - making it impossible for other internet users to get through.

It's a bit like 15 fat men trying to get through a revolving door at the same time - nothing can move.

In the meantime, micro-bloggers around the world are likely to be left twiddling their thumbs.

Twitter down

You know, I wonder how many people thought this morning that their IT department had deliberately blocked Twitter because of concern that staff were wasting too much time tweeting about their first cup of coffee of the day or the latest news about that Vanessa Hudgens picture.

The fact is, however, it wasn't your system administrator blocking access to your favourite social networking site, but hackers disrupting the service instead.

Don't underestimate the impact an attack like this can have, by the way. Twitter isn't just about meaningless piffle (although there's a fair bit of that). Companies are using it to keep in touch with their customer base, and consumers take advantage of the site's intimacy to get an answer from large companies that are discovering how to have a "human face" online.

Anyway, the important issue right now is the denial-of-service attack and how well Twitter can defend itself against it.

And don't forget that you can do your bit to help Twitter get out of the hole, by checking that your computer hasn't been compromised by hackers. Scan your PC with an up-to-date anti-virus, make sure you have the latest security patches and run a decent firewall. That way you'll be a good internet citizen and ensuring you're not contributing to the problem.

The question on my mind is - why would someone want to attack Twitter? I can't imagine it's a commercial competitor of theirs, but it could be someone with a political or financial motivation (blackmail?), or a teenager in a back bedroom with access to an awfully large botnet.

Twitter, LiveJournal, Facebook

Update: Twitter is beginning to come back to life, but don't be surprised if you experience time-outs as it gets back to full speed.

Meanwhile, social media website Mashable is reporting that Facebook is also blaming problems it has had with its site today on a denial-of-service attack.

Mashable quotes an unnamed Facebook spokesperson as saying:

"Earlier this morning, Facebook encountered network issues related to an apparent distributed denial of service attack, that resulted in degraded service for some users. No user data was at risk and we have restored full access to the site for most users. We're continuing to monitor the situation to ensure that users have the fast and reliable experience they've come to expect from Facebook."

This was later officially confirmed by an official posting by Facebook:

Facebook acknowledges DDoS attack

And guess what? Facebook and Twitter aren't the only ones. LiveJournal has also reportedly confirmed that it was hit by a denial-of-service attack today.

This seems like far too much to be a coincidence. The fact that the attacks have hit Facebook and LiveJournal as well as Twitter means that hundreds of millions more people could have been impacted by the website outages.

Update 2: It appears that the denial-of-service attacks may have actually had one single user in their targets. Read "Was Twitter denial-of-service targeting anti-Russian blogger?"

, , , , , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.