Twitter goes down under a sustained DDOS attack

The Twitter site was partially back up and running by 5pm on Thursday 6 August, although access is patchy after the DDOS attack, Infosecurity notes.

A message on Twitter's status blog confirmed that it had been the target of a "denial of service attack".

The blog said: "Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users."

The blog post added that Twitter was defending itself against the DDOS attack.

Facebook also said it was "looking into" possible problems with its portal, which appeared to be partially down as well.

Steve Gold, Infosecurity's technical editor, said that DDOS attacks are similar to what happens on the eastern part of London Undergroud's Jubilee Line after, say, a major concert at the O2 arena.

"Quite simply, the transport system starts to get overloaded and, if the situation gets too bad, London Underground close some of the tube stations to ease the congestion", he said.

"It's the same with a DDOS attack, except that the site under attack can do little to assuage the effects of the attack, apart from working with its Internet hosting and connections company to ride out the massive surge in traffic", he added.

According to Gold, many firms are using diverse routing to beat the effects of a DDOS attack on their servers.

They might, he explained, use one ISP peered into the London Telehouse for one set of connections, and other ISP peered into the UK's second peering point, MANAP in Manchester.

With Twitter, however, he went on to say, the data pipes involved are so massive into Twitter's servers - to cater for the tens of millions of message sent on the system every day - that diverse routing would probably not work properly.

Graham Cluley, a senior technology consultant with Sophos, said the DDOS attack outage of Twitter was rather like 15 fat men trying to go through a revolving door at the same time.

"Basically nothing happens as the door grinds to a halt due to a person overload situation. It's the same with Twitter - we suspect it may be a botnet that's driving the DDOS attack, but we can't be sure at this stage," he said.

According to Cluley, Twitter's use of diverse routing would be a good way of minimising the effects of a DDOS attack, but he doubts that the site uses this technology at the moment.

"I suspect that the site's IT staff have been struggling to cope with the massive growth the portal has experienced since its creation back in 2006", he said, adding that, because of this, Twitter's IT architecture is probably still "in its nappies" in terms of network resilience and security terms.

Once thing you can be sure that is happening, the Sophos technical expert told Infosecurity "and that is Twitter will almost certainly be looking at how to stop this happening in the future." 

What’s Hot on Infosecurity Magazine?