Twitter was the target of a sustained denial-of-service attack Thursday morning, an attack that took the site offline for several hours. Twitter’s service went down around 9 a.m. EDT and was back up around noon, while Facebook’s site also experienced problems that may have been the result of a DoS attack.
An analysis of the traffic to and from Twitter by Arbor Networks, which tracks DoS attacks, shows that the site’s traffic dropped off the table right around 9 a.m., and began recovering slowly shortly thereafter.
“We generally don’t see a lot of data (i.e. it takes thousands of tweets to match the bandwidth of a single video), but 55 ISPs in the Internet Observatory were exchanging roughly 200 Mbps with Twitter before the DDoS. Then traffic dropped to a low of 60 Mbps around 10:40am and began climbing after that. As of 1pm EDT, Twitter traffic was still down by 50% at 150 Mbps (normally we see close to 300 Mbps for this time of day).”
Twitter has become a favored target of attackers of late, as the site offers a huge user base and numerous attack vectors to exploit. Twitter users have seen several waves of spam in the last couple of months, as well as Twitter messages from bots pushing links to malware sites. Twitter is especially fertile ground for these kinds of attacks because its 140-character limit on messages requires the use of URL shorteners to share many links. Users often have no way of determining where these links point before they click on them.
But Thursday’s attack seems to be the first successful one against the Twitter site itself. The company has reportedly suffered a couple of hacks that compromised employees’ passwords and other information, but the DoS on Thursday marks a new chapter. Twitter users regularly see the famous “fail whale” image telling them that the site is over capacity, but that condition usually lasts just a few minutes at most.
The only communication from Twitter so far on the attack has been a series of status updates this morning disclosing the attack and saying that the company was working to restore service.