Twitter still reeling from denial of service attack


Twitter has been knocked offline by a denial of service (DoS) attack.

The popular social networking site was offline for more than an hour this afternoon, but then resumed service. A message on its status page during the downtime said: "We are defending against a denial-of-service attack."

On the Twitter blog, co-founder Biz Stone wrote: "On this otherwise happy Thursday morning, Twitter is the target of a denial of service attack."

"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users," he said.

Sophos security researcher Graham Cluley pondered the motives behind the attack. "The question on my mind is - why would someone want to attack Twitter? I can't imagine it's a commercial competitor of theirs, but it could be someone with a political or financial motivation (blackmail?), or a teenager in a back bedroom with access to an awfully large botnet," he wrote in his blog.

The site has suffered outages before, but normally because of sudden upswings in traffic.

At 10pm Thursday the site's status updates claimed it was back up, but still fighting off a continued attack. At the time of publication, the site was still not loading each time IT PRO tried to access it, although mobile clients showed some users were able to login in and update their status. At around midnight, it appeared to be working as normal again.

Stone has also updated Twitter's offcial blog to keep users up to speed with what is happening.

"The continuing denial of service attack is being mitigated although there is still degraded service for some folks while we recover completely," he said, adding that Twitter had been working with other organisations that had experienced a similar DoS attack - the origins of which remain a mystery to all concerned.

"Please note that no user data was compromised in this attack. This activity is about saturating a service with so many requests that it cannot respond to legitimate requests thereby denying service to intended customers or users," Stone added.

"We've worked hard to achieve technical stability and we're proud of our engineering and operations teams. Nevertheless, today's massive, globally distributed attack was a reminder that there's still lots of work ahead."

(Additional reporting by Maggie Holland)