UPDATE: Twitter Suffers DoS Attack

Author: Dennis Fisher
minute read

Twitter was the target of a sustained denial-of-service attack Thursday morning, an attack that took the site offline for several hours. Twitter’s service went down around 9 a.m. EDT and was back up around noon, while Facebook’s site also experienced problems that may have been the result of a DoS attack.

Twitter was the target of a sustained denial-of-service attack Thursday morning, an attack that took the site offline for several hours. Twitter’s service went down around 9 a.m. EDT and was back up around noon, while Facebook’s site also experienced problems that may have been the result of a DoS attack.

An analysis of the traffic to and from Twitter by Arbor Networks, which tracks DoS attacks, shows that the site’s traffic dropped off the table right around 9 a.m., and began recovering slowly shortly thereafter.

We generally don’t see a lot of data (i.e. it takes thousands of tweets to match the bandwidth of a single video), but 55 ISPs in the Internet Observatory were exchanging roughly 200 Mbps with Twitter before the DDoS. Then traffic dropped to a low of 60 Mbps around 10:40am and began climbing after that. As of 1pm EDT, Twitter traffic was still down by 50% at 150 Mbps (normally we see close to 300 Mbps for this time of day).

Twitter has become a favored target of attackers of late, as the site offers a huge user base and numerous attack vectors to exploit. Twitter users have seen several waves of spam in the last couple of months, as well as Twitter messages from bots pushing links to malware sites. Twitter is especially fertile ground for these kinds of attacks thanks to the 140-character limit on messages that requires the use of URL-shorteners to share many links. Users often have no way of determining where these links point to before they click on them.

But Thursday’s attack seems to be the first successful one against the Twitter site itself. The company has reportedly suffered a couple of hacks that compromised employees’ passwords and other information, but the DoS on Thursday marks a new chapter. Twitter users regularly see the famous “fail whale” image telling them that the site is over capacity, but that condition usually lasts just a few minutes at most.

The only communication from Twitter so far on the attack has been a series of status updates this morning disclosing the attack and saying that the company was working to restore service.

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.