Twitter, Facebook and LiveJournal were all hit late last night (AEST), with Twitter suffering the worst problems after losing its service for over three hours. Facebook users suffered some problems loading their pages and LiveJournal members lost contact with the site for around an hour.
“Over the last few hours, Twitter has been working closely with other companies and services affected by what appears to be a single, massively coordinated attack. As to the motivation behind this event, we prefer not to speculate,” said the company on its blog.
“Please note that no user data was compromised in this attack. This activity is about saturating a service with so many requests that it cannot respond to legitimate requests thereby denying service to intended customers or users.”
DDoS attacks occur when large number of infected PCs send huge numbers of requests to the target site. The sheer volume of access requests overloads the servers that host the site and causes it to be shut down.
“It's a bit like 15 fat men trying to get through a revolving door at the same time - nothing can move,” said Graham Cluley, senior technology consultant at Sophos.
“Don't underestimate the impact an attack like this can have, by the way. Twitter isn't just about meaningless piffle (although there's a fair bit of that). Companies are using it to keep in touch with their customer base, and consumers take advantage of the site's intimacy to get an answer from large companies that are discovering how to have a "human face" online.”
DDoS attacks are nothing new but the shutdown has raised questions as to how much social networking companies are doing to protect their sites and those who use them.
Financial and betting firms have long been targets for such attacks and have invested millions in setting up sophisticated blocking mechanisms that can lock out computers trying to take part in DDoS attacks, but it appears Twitter and others have yet to make that investment.
“This DDoS attack should highlight to Twitter that it needs to redirect some of this energy to bolster its core security measures in order to protect its millions of users,” said Don Leatham, senior director of solutions and strategy for security vendor Lumension.
“Increasingly, businesses are adopting Twitter as a core part of their social media and communications strategies, and this incident has the potential to have a negative impact on their brands using Twitter, as it could be seen to be highly vulnerable to malicious attack.”
“Obviously, both individual employees and businesses need to take some responsibility when using any online application, including Twitter. The real question here is, ‘is Twitter ready for business primetime?’”