A DDOS attack this morning took Twitter out at the knees and they were down for hours. Rival Facebook faced a similar attack (likely related), but for the most part managed to remain online. Some users couldn’t access the site or post content, but the site remained online for most users.
Facebook’s statement:
Earlier this morning, Facebook encountered network issues related to an apparent distributed denial of service attack, that resulted in degraded service for some users. No user data was at risk and we have restored full access to the site for most users. We’re continuing to monitor the situation to ensure that users have the fast and reliable experience they’ve come to expect from Facebook.
We’ve also heard that Facebook and Twitter are working together to figure out exactly which 15 year olds are responsible for organizing the attack.
I have not had a problem with FB, but Twitter was down even after they announced it was up.
OMFG A WEBSITE IS DOWN
MAKE 6 MORE ARTICLES ON IT
that was funny lol
That was very funny.
MySpace must feel left out.
i feel bad for myspace…it’s not popular enough. sad sad sad and oh how things change so quickly.
MySpace has better technology in place to protect against DDoS. Twitter’s infrastructure is just sad … FB also made some key changes in the last year to their technology that didn’t help their cause.
and that’s exactly the point. that’s what i’ve been trying to ask and get answered and i already figured it out as more information was release and speculated, but yeah. so out of all these sites twitter was more affected than others.
Hi, I’m @basementdad, and I don’t understand the internet.
Lots of Facebook Fan pages are still down. :/
“which 15 year olds are responsible”… I hope whoever has enough bandwidth under their control to DDOS the likes of Twitter and Facebook isn’t actually 15
It’s actually pretty easy:
15 year old: “Hey 4chan, run this script to ddos facebook and twitter”
4chan: “lol ok”
Not that I’m saying it was 4chan, but throwing a “do this because it’ll be funny” out on the Internet is surprisingly powerful.
If you knew how people act on 4chan etc, you’d realise this wouldn’t happen. They’ll get called a massive faggot and told to go away if they did this. If they have a coherent and clever strategy then maybe they could pull it off, but no planning = no success.
You know, I’m OK with not having any idea how people on 4chan act.
ha, funny, I know how you feel
I was on 4chan this morning, the /b/tards weren’t doing anything but trading porn and yelling “MOAR” at eachother.
So were you trading porn or yelling MOAR?
yes
It’s actually important to put whoever did this in jail. I suppose it was a real DDoS, from at least 10,000 clients. An average 15 yo 4chan kid DOES NOT have control of such a botnet.
You would be surprised how many skilled 15 year olds are out there that can do simple virus and create a botnet.
I bet this attack is of Russian origin. Three services were hit: twitter, FB, and LiveJournal. Twitter and Facebook are obvious choices, but LJ is the top blogging/social networking platform in Russia. I thin it’s an indication of who is behind the attack.
Could be the same thugs in the BHO administration that thought up the “Snitch on your Neighbor” program, because they were upset about how fast the word got out.
Or maybe the Iranian thugs, angry about how Twitter has shown the light on their activities.
Or maybe both.
or maybe the CIA or the FBI … ridiculous.
Clearly ‘anyone’ could be responsible – I think it’s a bit ‘tin foil hat’ to start suggesting that it’s the old enemies of the USA that are responsible.
that’s funny because I was thinking it was a test run from a government agency myself. i was thinking more Iran than Russia though
fyi I happen to be 15. I could orchestrate something like this quite easily given I had access to an already-scripted botnet and my own IRC channel. I bet i could get something similar to this (perhaps on a smaller scale though) to go down within a couple days. On the other hand, I am not an idiot. The FBI has it’s own DDoS taskforce. If I were to actually go through with this I would take very many precautions such as an anonymizer to make me appear as if I was in China etc…
Do you have an access to a botnet? I think you do not. It’s like saying: if I had an ssh to Facebook servers, I could bring it down… VERY FEW people have access to a botnet. And, FYI, the majority of modern botnets are not controlled via IRC…
Right. You could do it if it was packaged into a one-button process. Congratulations on being a teenager.
I will grant you that starting your own IRC channel is a time-consuming and difficult process. But then again, you are not an idiot.
Wow, multi-billion dollar businesses temporarily crippled by “15 year olds”, that’s a little terrifying…
are you nuts, Facebook & Twitter combined X 10 are not “multi-billion dollar businesses”. They wish they were, and are still figuring out how to profit!
Yes they are. If you wanted to buy either of the two you better bring billions to the table.
That’s only based on the irrational exuberance that exists between the owners and select investors.
Using financial valuation methods, they are hardly worth multiple billions.
Such is the word of Sanjay.
ahhhh yes the ole “irrational or unbridled exuberance” observation. Other wise known an innovation killer.
financial valuation methods are based “on the irrational exuberance” every statistic valuation or quantative method based on assumptions or “experts opinion” is irrational don’t be such a nitpicker
It’s sad to have my fav. Social media platforms suffering downtime.
Seriously, why take down Twitter and Facebook? Why not take down something that doesn’t help society, say…. foxnews.com lol…
+1
I laugh at Fox News every evening. Don’t take my comedy away!
Or CNN? NBC? ABC? CBS?! MSNBC! Screw it, all of em!
Willing to bet Iran had something to do with this
Thanks sleuth.
“We’ve also heard that Facebook and Twitter are working together to figure out exactly which 15 year olds are responsible for organizing the attack.”
Never has techcrunch been more accurate.
…and by working together they mean Twitter is sending Facebook their logs.
Here’s the 600 blu-ray disks of logs… Oh and this container holds last nights.
OK a little OOT but I bet it will take sometime to plough through them and separate DDOS requests from real ones.
esp. if everyone did what I did, and said “Oh twitters down, I wonder if it’s down for me, I’ll have a look”… Doh….
What are you talking about?
Just saying their log files will be big files.
i understood you comment and my brain isn’t even fully formed.
I accidentally opened a video on Facebook. Now I’m having trouble surfing the internet. It keeps sending me to random sites. If it’s the same virus, what was the fix for users?
The links in facebook are NEVER safe, you have no idea where they are going to by the looks. Unless you have complete faith in your Anti-Malware/Virus software its a major danger to click a tiny URL in Twitter.
It’s a good thing there’s life beyond the web, otherwise I would find myself with nothing to do
There was a live beyond the web before facebook you mean
Web server down and I see…
Funding: $55M
No comments.
Probably the same ones who use Twitter and Facebook.
Hours later and Twitter is still giving me and others I know the giant fail whale. Yikes!
LOL. i just got around to going to some sites to get some news and kept coming up with this whole twitter ddos attack. seriously. the first link is funny:
http://www.theg...article1243372/
http://network....der-attack.aspx
and thestar.com ran the same g&m story. i guess the AP or reuturs get all the money though. so i came to a site where i know this will be talked about…and here i am at tc.
i blame socialism for this. actually no it’s probably an under 25 year old caucasian male. and also OMG MY WHOLE LIFE ENDED BECAUSE TWITTER IS DOWN…even if i was a fanboy/girl would still be funny. they need to up the security at twitter hq…maybe like how the fb people are doing it with their site.
gwaker got hacked too this week? wow. i’m not familiar with that website but anyone know how they run their security? so does the fact that this largely didn’t affect fb but shutdown twitter, mean that it was two different attacks or same attack but different codes…how does something like this work? can it be assumed that the same people carried this out…cause it probably was. oh well. i’ll be checking out the 400 plus comments twitter attack story for some more laughs.
“I’m not familiar with that website but anyone know how they run their security?”
Yep it shows, no offence but in the paragraph above
“they need to up the security at twitter hq…maybe like how the fb people are doing it with their site.”
A DOS or a DDOS attack has nothing to do with security as such, it’s lots of different computers trying to connect (just as you would if you opened a web browser) to twitter, and as their is too much incoming data the system gets bottlenecked and can’t cope.
cool. thanks for explaining lol. i knew it is was a lot of different computers set up with different server clients sending a connnection reuest to those websites…but how come fb stayed up and twitter didn’t? or how come most of the attack was towards twitter instead of fb and why include fb or other sites, unless you’re covering yourself and spreading out the attack recipients so it’s harder for you to get caught. why didn’t they just attack twitter if that was the intended target?
*request.
this comment from the other ddos thread is appreciated:
Daniel
“no one can defend themselves from a DDOS
It doesnt require any proper Hacking skills, really, Just the ability to aquire an IP address to target.
The website just gets flooded with pings which will eat up the allotted bandwidth of the system or server, eventually causing said system to crash.”
I don’t know how websites counter these attacks. I guess I’ll google this and see what information I get.
You can defend yourself from a DDoS, not a DDoS of infinite size but depending on the size and the amount of protection you put in place it is possible to filter it.
Twitter and Facebook do not require ICMP (the protocol PING uses) for their services to function, that traffic can be filtered/dropped in their carrier backbones using a service like AT&T Internet Protect | DDoS Defense http://www.busi...ect-enterprise/
Most DDoS isn’t actually just a PING flood though, they’ll utilize a TCP connection flood (the most basic form is a SYN flood (go read Wikipedia on the TCP protocol) from spoofed IP addresses, but more sophisticated DDoS attacks (and risky since you expose your bots) will use full TCP connection flooding from real IP addresses.
The “fake” sessions can also be filtered after reaching the datacenter by your hosting provider (or if you’re in a co-lo you can go buy devices yourself) with devices like the Cisco Anomaly Detector and the defense system call the Guard.
With a combination of a DDoS defense system in place and a highly session capable caching load balancer such as the Cisco ACE, Citrix NetScalar, or F5 BigIP you can significially reduce the impact of a DDoS as long as your upstream carrier pipes aren’t flooded (this is often done with larger ICMP but the carrier can filter/drop ICMP bound for your IP address without harming your application and customer interaction).
As far as “15 year olds not having botnets big enough to do this”, never underestimate anyone. How hard is it to send out 10,000,000 e-mails saying “You need to login to right now or else <pick some tragedy” and at that fake site you host a trojan giving you a bot because “grandma” didn’t learn everything in your inbox isn’t always what it seems.
This really just touches the surface of how ugly things can get, both ICMP and TCP (or SYN) flooding are very basic attacks, it can be much smarter and much worse.
Mr. AT&T…
hey bret, thanks for the info! i will also check out those references.
facebook was really bogged down but now its back!.. All major facebook functions are happening without any problem.
Obama and the Iranias must be testing how to take twitter & facebook down during large protest
I went to tweet and I couldnt so I wrote it down instead….
Weird tweet! They restored stuff for “most” people? When your site is DDoS’ed there is no way to have people in Huston being impacted yet people in NYC have access to FB…
Just saying it’s weird tweet.
You thinking of one box with all the data. FB and twitter have lots of boxes, they need to to be able to scale. FB’s boxes are seperated into geographic (well the users network) areas (at least as far as I can tell) so if your in the NYC you could be able to access your box, yet I may not because my box is being especially hit.
It was terrifying, 15 minutes without an outlet for my inner monologue. I had to resort to writing stuff on post-it notes.
i think the memo written on a postit is that post-it’s have gone out of style. people just twitter or text message now. it atleast gives paper/trees a break.
I thought Twitter was, by definition, a denial of service attack.
idk twitter is up and i see others can make post but i cant . everyone else is posting but none of mines go through
may some terrorist organization can claim that they have done it
I did it….
American.
Sort of feels like your hometown is under terrorist attack. Check out my CARTOON at http://www.pcdi...f-twirvice.html
Twitter down again?
Nope. My bad.
I did a followup to my earlier write-up, this is pretty funny:
http://digg.com...yeahboobies_com
No way this was 4chan’s doing… livejournal was also attacked and 4chan hasn’t seemed to have a problem with the place.
I understand facebook and twitter being attacked; two big sites… but livejournal is small in comparison… pretty odd.
not really. apparently the person being attacked has accounts on most of those sites.
Facebook is really great, when it comes to a privacy matter, but yes there is alot of apps available which make people really confused. Nice info. Thanks
Oh..twitter. I hope will up soon. I can’t live without you..
I think facebook had been hacked too because it was too slow and also some people got their applications menu bar disappeared!!
anybody had no access to twitter september 9, 2009?