A Closer Look at the Massive Denial-of-Service Attack on Twitter

Article by George Norman (Cybersecurity Editor)

on 07 Aug 2009

Yesterday, the 6th of August, when the whole world was presumably focused on getting Windows 7 RTM from MSDN and TechNet, popular micro-blogging site Twitter went down. The Twitter team acknowledged the outage and announced that it would determine the cause shortly. It didn’t take long for them to determine that Twitter was the target of a denial-of-service (DoS) attack that needed fending off. Even Twitter co-founder Biz Stone came out to announce that the micro-blogging site was under attack and that the team was defending against it.

Now, the day after the attack, we are faced with the aftermath: Twitter.com is back up and running and site latency has improved, but some web requests continue to fail. For some users, this means they cannot post or follow from the Twitter web site.

It has also come to light that it was a single, massively coordinated DoS attack that impacted other sites as well: Facebook, LiveJournal, Google Blogger and YouTube. Luckily for Facebook users the attack did not impact them as hard as it did Twitter. The social networking site showed slower response times, but remained online.

The big question here is WHY?

Biz Stone preferred not to speculate, noting only that “no user data was compromised in this attack.”

Randy Abrams, Director of Technical Education with Eset, the company behind NOD32, believes it to be the work of “a disgruntled idiot or an attempt to gain fame by a hacker with more technical skills than brains. If it isn’t an organized criminal group that is attacking Twitter I would expect the attacker will draw the ire of criminal groups that abuse Twitter for illegal gains. Somebody is hitting the criminal element in the wallet by attacking Twitter.” Abrams goes on to say that perhaps someone is trying to market a botnet and this would be the perfect way to advertise it.

But the one who may have it right is Graham Cluley, Senior Technology Consultant with Sophos: “Today isn't just the day after Twitter disappeared for a few hours. It's also the first anniversary of Georgian troops moving into South Ossetia, an incident which led to conflict between the Russian and Georgian armies last year. Perhaps surprisingly, the two may not be disconnected. The major [denial-of-service] campaign which brought Twitter to its knees yesterday may have actually set out to silence only one person - an anti-Russian blogger called Cyxymu from Tbilisi.”

Cluley bases his claims on the fact that Cyxymu had an account on Twitter, Facebook, LiveJournal, Google's Blogger and YouTube – all of these services were affected by the DoS attack. Facebook's Chief Security Officer Max Kelly confirmed that the blogger’s accounts were attacked simultaneously. “It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard. We're actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can,” said Kelly.

So there you have it: Twitter went down because the voice of one man had to be silenced. Doesn't this draw more attention to the Georgian blogger?

UPDATE 08.10.2009 - Twitter co-founder Biz Stone comments: "The ongoing, massively coordinated attacks on Twitter this [past] week appear to have been geopolitical in motivation. However, we don't feel it's appropriate to engage in speculative discussion about these motivations. The open exchange of information can have a positive impact globally and our job is to keep Twitter services running reliably to the best of our ability." Things are now pretty much back to normal at Twitter.

Eset's Randy Abrams has come around and now admits the attack might have targeted the Georgian blogger, but he's sticking with the "try to market a botnet" idea. "Some people are speculating that the motivation for the Twitter attack was to try to silence one person. There are really good signs that the attack against an individual was what took down Twitter, but still we really don’t know. I speculated that it might be a show of force to try to sell botnet resources. It still could be that. If you’re going to demonstrate your weapon you still need a sample target. In this case it may have been killing two birds with one stone," said Abrams. He also noted that he still believes the Twitter DoS attack ruffled a few feathers with the criminal elements that use Twitter to make money.

