Hacker attack shuts down Twitter, Facebook also slows down (Update 2)

Twitter said it suffered a denial-of-service attack, in which hackers command scores of computers toward a single site at the same time, preventing legitimate traffic from getting through.

The attacks may have been related to the ongoing political conflict between Russia and Georgia. They started with hackers using a botnet to send a flurry of spam e-mail messages that contained links to pages on Twitter, Facebook and other sites written by a single pro-Abkhazia activist, according to Bill Woodcock, research director of the San Francisco-based Packet Clearing House, a nonprofit that tracks Internet traffic.

Russia recognized as independent the breakaway regions of South Ossetia and Abkhazia after a brief war with Georgia a year ago.

When people clicked on the links, they were taken to the activist's legitimate Web pages, but the process of loading the pages at such volumes overwhelmed some servers and disrupted service, Woodcock said. He said it's hard to immediately tell whether it was a case of hackers trying to punish the sites for publishing views they disagree with, or if they were directing traffic to the sites out of sympathy for the activist's message.

"There's very little way of distinguishing which side was taking this action, because either side could hypothetically benefit from it," Woodcock said.

The fact that a relatively common attack could disable such a well-known Web site shows just how young and vulnerable Twitter still is, even as it quickly becomes a household name used by celebrities, large corporations, small businesses and even protesters in Iran.

"Clearly they need a stronger infrastructure to be able to fight this kind of attack," said Graham Cluley, senior technology consultant at computer security firm Sophos. Twitter's tech support teams, he added, "must be frankly out of breath" trying to keep up with the site's enormous growth.

According to comScore, Twitter had 20.1 million unique visitors in the United States in June, some 34 times the 593,000 a year earlier.

For Twitter users, the outage meant no tweeting about lunch plans, the weather or the fact that Twitter is down.

"I had to Google search Twitter to find out what was going on, when normally my Twitter feed gives me all the breaking news I need," said Alison Koski, a New York public-relations manager. She added she felt "completely lost" without Twitter.

The Twitter outage began at about 9 a.m. EDT and lasted a few hours.

Facebook, whose users encountered intermittent problems Thursday morning, was also the subject of a denial-of-service attack, though it was not known whether the same hackers were involved. Unlike Twitter, Facebook never became completely inaccessible. Facebook said no user information was at risk.

LiveJournal, a 10-year-old online diary and blogging site that has waned in popularity in recent years, was also the subject of a denial-of-service attack that lasted about an hour Thursday morning, the company said.

By early afternoon both Twitter and Facebook seemed to be functioning, giving cubicle-bound social media addicts a collective sigh of relief. Twitter warned, though, that as it recovers, "users will experience some longer load times and slowness."

Technology business analyst Shelly Palmer told AP Radio that denial-of-service attacks are a reality of the information age.

"People tend to want to take sites that are very public and go after them," said Palmer, managing director of Advanced Media Ventures Group. "In fact you'd be surprised how many sites for major companies are really attacked on a daily basis. This is a crime, it's a real crime and it should be treated that way."

Earlier this week, Gawker Media, which owns the eponymous media commentary blog and other sites, was also attacked. In a blog post, Gawker said Tuesday it was attacked by "dastardly hackers," leading to server problems that caused network-wide outages Sunday and Monday. It was not immediately clear whether those attacks were related to Twitter's.

Thursday's was not the first - and likely not the last - outage for Twitter.

Besides planned maintenance outages, overcapacity can cripple Web sites, especially such fast-growing ones as Twitter and Facebook.

In fact, service outages on Twitter once were so common that management began posting a "Fail Whale" logo on the Web site to signal when the service was down. The logo featured a whale being hoisted above the water by a flock of birds.

Millions of Twitter users aren't familiar with the 3-year-old service's history of frequent outages because they began tweeting in the past six months, around the same time that the San Francisco-based company had was spending more money to increase its computing power and reduce the disruptions. With the added capacity, the Fail Whale rarely surfaces any more.

Even so, the entire site being down means Twitter hasn't put enough measures in place to prevent such an attack, Cluley said. That could include working with Internet service providers to filter potentially malicious requests from legitimate ones, as well as having servers spread out around the world.

Denial-of-service attacks are typically carried out by "botnets" - armies of infected computers formed by spreading a computer virus that orders compromised machines to phone home for further instructions. They are generally used to send out spam or steal passwords, though some can be commanded to overwhelm Web sites.

Successful attacks on popular Web sites were common earlier this decade. Sites such as eBay, Amazon.com and CNN were overwhelmed by such attacks, sometimes for days, in 2000.

But Thursday's attack underscores the fact that no one is immune.

"With these attacks, if you get enough infected machines ... you can take down anyone," said Dmitri Alperovitch, vice president of threat research at security vendor McAfee Inc.

Last month, dozens of U.S. and South Korean sites, including those of the White House and South Korea's presidential Blue House, were targeted in denial-of-service attacks.

For Lev Ekster, who runs a mobile cupcake truck called CupCakeStop in New York, Thursday's Twitter hiccup meant no tweets to customers and fans on the truck's location and the day's flavors.

But it wasn't the end of the world.

"As soon as I saw the Twitter outage, I went on to our Facebook fan page," said Ekster, who also uses Twitter to get reviews of his cupcakes, find employees and let people know about giveaways.

The lesson, he says, is "not to limit yourself to Twitter and live or die by Twitter."

---

AP Technology Writer Jordan Robertson contributed to this story from San Francisco.
©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.