As we noted early this morning, Twitter is still having some major issues getting its service stabilized following the DDoS attacks. Co-founder Biz Stone has posted a new update on the situation on Twitter’s blog today. Apparently, the attacks are still ongoing, and while Stone refuses to speculate on the motivation behind them, he does note that they appear to be “geopolitical” in their nature.
Says Stone:
The ongoing, massively coordinated attacks on Twitter this week appear to have been geopolitical in motivation. However, we don’t feel it’s appropriate to engage in speculative discussion about these motivations. The open exchange of information can have a positive impact globally and our job is to keep Twitter services running reliably to the best of our ability.
This is in line with various reports around the web suggesting that a group of Russian hackers are targeting Georgian users, and possibly just one user. Similar attacks also targeted Facebook, LiveJournal, Blogger and YouTube. While certainly this would fall into the realm of cyber terrorism, what’s crazy is how this is echoing elements of actual terrorism as well. We’ve gotten multiple tips from parties either claiming or denying responsibility for the attacks, much like terrorist factions claim or deny responsibility when a bomb goes off somewhere.
Sadly, given the success the responsible parties have seen in taking down these sites, it seems likely that it will only embolden others to carry out more attacks of this nature in the future. Twitter notes that it is doing all it can to prevent that and to resolve this situation, but as Stone writes, “Denial of Service attacks are a known quantity on the web and they are not going away any time soon.”
Twitter has been posting updates on its status blog to let users and third party developers know what is going on. On top of taking out Twitter’s main service, these attacks forced it to shut down many of its API services, which obviously crippled many of the services built on top of Twitter’s platform. Twitter is still working on restoring those. The API team is encouraging developers to post questions on their mailing list found here.
One recent update in that list is pretty telling for how serious these attacks are:
As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz’s post saying all was well, but that didn’t mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way.
The key point there is obviously that the attacks intensified almost tenfold from what they were seeing yesterday. That’s not good.
[photo: flickr/lucianvenutian]
Oh dear god please give me more info on Twitter
…then MG is your best friend.
Here’s something you should read MG and tell MA to follow:
http://www.nyti...&ref=sports
Yes. The age of privacy is dead. Get with it.
twitter’s done guys… can someone move on and make a new service?
Oh dear god please give us more text-tears from Bill.
lol. do text tears burn? are they as irritating as spam text messages?
Why do they not have flood controls and other limiters on the routers?
Seems simple enough.
Wouldn’t mean there were no such controls, it’s a windows box?
pay back is a bitch, even when it is not your own doing. I recall twitter shutting down my account for BS, and FB same shiit. Well, how does it feel now that it is on you?
I heard Biz Stone took a shit today and MG posted it so it became news.
You know it’s getting bad when people bashing TC for covering Twitter stories are themselves getting old.
Also, this is a bit more serious than your normal Twitter story. This is terrorism and apparently political in nature. I definitely want to see these stories on TC.
+1
+7
Please explain how Russian hackers preventing you from posting 140 character missives qualifies as terrorism.
The DDOS is a political hit job at worst, and while deplorable, it’s nothing new in that part of the world.
I wonder how short your long-term memory is. Twitter’s role in spreading the word of events in Iran, and before that Georgia was instrumental.
Twitter Fanbois are starting to give Apple’s a run for their money.
+1
Categorizing Twitter not being able to survive a DDOS as terrorism is laughable at best.
tim said…
Also, this is a bit more serious than your normal Twitter story.
When someone hacked into Twitter to steal some properties that belonged to the owners, there was no outrage here at TC, however the sort of similar crimes of attacking Twitter via DDOS is being shouted out very loud as terrorism. I abhorred kinds of attacks since they violate the rights of the owners to their own properties, however one can only hear one side of the critisism from TC. You call this bias.
All you people who get all pissy about anything not being news should chill out. Everything and anything that readers care about is news. As long as readers drool over Twitter (which they do), EVERYTHING Twitter does is news. While techcrunch COULD try to draw some psuedo-white line about how much to cover any company to please all you whiners, they won’t. News is business too!
I think the point you wanted to make is that this isn’t about Twitter at all, it’s about the integrity of the internet. And it affects everybody that commented on this write-up – even the uneducated douche-bags.
true. this is how i look at it because somewhere in the world someone is interested in things i am not…and although i am getting used to the what is posted on tc even i know the obvious. it doesn’t do me any good to keep crying about it. if i don’t want to read a story i don’t read it. if i feel it’s not news then i won’t read it/not care about it…but i don’t go and comment, “omg why is this shit constantly here,” or “you’re proving that nothing else exists aside from x” or some of the other things i’ve seen commenters post. when i want to read the latest inane non-story about dumb things i do, and when i want to read the latest research, i do…i realize that i have options. i mean i am a whiner, but i’ve seen enough of those type of comments (whether they are jokes or not) to agree with the first part of what tim dorr said…the second part not so much.
That picture you used for this post really messes with my eyes.
TweetDeck has been mostly working for me today and last night. I normally use HootSuite and that’s been virtually 100% offline. Seesmic web is a nice similar interface and that’s 100% down too.
Dan, TweetDeck, Seesmic and HootSuite all call twitter via it’s API’s.
No app, no app including twitter.com, has IFAIK any more of a direct streem than via the API’s… one down all down…
I agree about the image thro… ouch!
it’s definately an eyesore.
Find those who attacked and HIRE them.
No.
IMHO the best way to defend against these attacks is to support @cyxymu
Follow him, and show whoever is hitting twitter and co. that we won’t stand for it!
Twitter should ask Google what their systems did to avoid this (since google was attacked at the same time but with little effect).
apparently MS wasn’t very to FB in that regard. heh.
I’m going to go with economies of scale. Google’s infrastructure is pretty much one of the largest in the world. It would take a world-wide coordinated DDoS to even make Google blink.
Twitter, FB and LiveJournal have a very long way to go before they even come close to having the same size infrastructure that Google does.
How about billions upon billions of dollars invested in server architecture? DDoS affects one server at a time…it would take a big ass botnet to take down Google
You’re channeling Carl Sagan.
“A galaxy is composed of gas and dust and stars — billions upon billions of stars.”
It’s simple, run this little experiment.
ping google.com -t -l 1000
ping twitter.com -t -l 1000
Notice one key difference that makes DDoS attacks less powerful.
Do your own thinking:
Facebook tries to buy Twitter, failed:
http://www.tech...r-over-for-now/
Facebook gets a 200 Million investment from a Russian:
http://www.tech...vestment-video/
Facebook projects 550 million revenue to get Yuri’s investment:
http://www.tech...be-550-million/
In order to reach the 550 million projection, facebook tries to charge the advertisers triple the phantom hits:
http://industry...second-lawsuit/
So Yuri realize that his entire investment in Facebook has been a scam, and in order to salvage Facebook, launches this attack against Twitter:
http://en.wikip...uri%27s_Revenge
HEHEHEH
sounds like a good motive, except FB was attacked too!!
Facebook attack was “self-inflicted”, but that was just a simple misdirection. The attack didn’t bring down facebook,that was the point.
The attack was to show that facebook had a superior architecture over Twitter’s, and to avoid attention.(Exactly with your kind of reasoning: omg, Facebook was a victim too right
who cares! Jesus!
lol. invoking jesus. you must be at a limit.
did you read it…why would you click on something you don’t care about. are you like me and you just like torturing yourself? or are you actually telling mcg to do write ups on diverse subjects?
Geopolitical? Don’t rule out the glorious Nation of Kazakhstan, who sent a covert operative to the United States in 2005.
http://upload.w...25/Boratmoi.jpg
Seriously if the attacks are coming from other nations it should be a concern to all websites, not just the social network sites.
I can’t figure out why someone thought a DDOS would silence anyone. Were they going to keep it up forever, with the plan being to shut down Twitter, Facebook etc for good? Did they not think someone might just move to a new service? Were they trying to get that person kicked off each service, this forcing him to restart his network of readers from scratch? Frustrate and intimidate him into thinking wherever he would move would be targeted next?
Or was there some kind of time sensitive event that cyxymu was covering that only required him to be offline for a specific amount of time?
It’s the anniversary of the Russia-Georgia war right now.
Is your post sarcasm? Or did you really not know that?
As an aside, given the way Twitter portrayed itself during the Iranian elections, they had to expect things of this nature to happen. I wonder why they were not prepared?
Another aside, one of the investors I work for immediately poured money into a Chinese micro blogging service when the infamous Twitter #IranianElections hoo-ha took place. He told me that my analytical services would no longer be required. He no longer needed my report on the relative merits of the players, foreign and domestic, in China’s market. He reasoned, quite correctly, that Twitter would have a lot of outages in China. Especially since, in the eyes of Beijing, they were seen as cooperating with the State Department. Sure enough, as soon as race riots broke out in Uyghur country, down went Twitter service in China.
I was not aware of the anniversary date either, nor was I being sarcastic.
My point still stands: Sure, there may be a few more eyes on something doing anniversaries, but does that mean nobody is going to listen to them the rest of the year? Why would you chose a method that would only temporarily silence someone?
Eh, use your imagination. The guy could possibly have some intelligence that certain agencies don’t want leaked. He could have a price tag on his head. He could be living underground. And this could be a very quick means to assure he can’t easily speak publicly.
Just one possibility which I’m sure is completely incorrect, but plausible all the same.
and I guess the investor now also realizes that the big twitter like apps in China, being fanfou.com, jiwai.de, digu.com in China are down as well.
i agree with this. i’m not surprised this happened especially now that i heard on the radio that it’s coming from russia or from that side of the world specifically, but what i am surprised about is how twitter and some of these other websites didn’t prepare for something inevitable like this. i actually expected a retaliation earlier (i guess they’ve been getting lots of dos attacks though since all of these conflicts) since i heard one of the developers, who was working on the program that allows people to circumvent the government blocking of access to some of these sites, say that the government is getting all it’s tech people to keep up the firewall and that they are getting mad. he said some of the hackers with political ties/specific beliefs are also mad about the involvement of these websites and would try to go on the attack. i saw it on cnn a couple months ago. i forget the name of the program that was being used, but it was one of it’s developers and i think it’s local.
but then again it can always be a 15 year old behind this.
you’re right. if anything this guy’s pages are now world famous. the hackers’ pages aren’t.
in fact DDOS-ing cyxymu’s and other Georgian bloggers, news agencies and goverment websites is standard event for about a year
(since Russia-Georgia war)
cyxymu has not so small readership base in russia (he posts updates for Russian audience) so attacks on his accounts are more fearsome previously his account was blocked for a half of the year on livejournal.com then he transferred to facebook then to blogger twitter and fotki.com.
What are you smoking? Georgian tea?
i mean this is nothing new in this news for georgian audience
livejournal.com’s (which hosts cyxymu’s main blog) ISP has a policy of freezing account of users who are DDOS-ed. his account was on freeze for about half year, then attacks stopped and cyxymu syndicated his blog on facebook twitter and fotki.com
now after a year of Russia-Georgia war attacks begin again and as result all services which he was using are affected he tried to make another blog but that one was also DDOS
he can only comment on other blogs if needed i can contact him
I think your point is just too straight-forward for many of the people here. A DDoS attack does not silence someone for any significant period of time. It probably just increases the key victim’s popularity. This DDoS attack just seems to be a very feeble declaration of resistance (I hesitate to use this word, because obviously the attackers don’t seem to be oppressed). In other words, Georgian bloggers, Twitter, and other targets are winning.
Can someone knowledgeable care to explain how a DDOS attack can occur by just attacking one user (i.e. singling him out) in a system of millions?
Thanks,
Fred
I’m glad you asked.
Ask yourself why this wouldn’t happen with email or websites.
It doesn’t matter if the target is 1 user or 10000 users. The target is on Twitter’s system and that system has to handle all of the traffic and requests that are coming in.
Most systems don’t have any throttle for a particular page or function for a consumer site such as Twitter.
They didn’t attack just one person, they attacked the website that one person uses to communicate (Twitter)
Think of it this way, you’re standing alone in front of a store waiting for the doors to open. If you were the only person to walk through the doors when they opened, shopping would be quick and trouble free.
Now imagine your alone waiting for the doors to open and 10 big busses pull up and let 500 people out to wait with you for the doors to open.
Those 500 people are not there to shop, their only purpose is to walk around, plug isles and generally just get in your way and slow you down. (Denial Of Shopping if you will)
You’re a public school teacher, right?
“their only purpose is to walk around, plug isles and generally just get in your way and slow you down.”
Dam Million2OneBrah, have you been walking round my town on a weekend!
lol. thanks for the example. i’m one of those people on the bus.
OK this is the workaround:
Send emails consisting of just a subject line.
“yeah hello, twitter here. listen if our site’s down, it’s TERRORISTS. When our search is broken its the SOVIETS. and the other day you saw that whale, it was ALIENS (besides whales don’t fly). we’ve decided not to invest to security, so that when no other site but ours site goes down, you know you should wear your tin foil hats
HA!
tha attacked occured not only on twitter
but on facebook , Livejournal, fotki.com
that’s what i m saying. facebook did not go down (livejournal did, even for a while). twitter is not a tiny site, nor are they underfunded. they need to work on the technical side of things, not just talk shows
Agreed, talk about a major f*ck-up – if this is how poorly they have their infrastructure setup. You have to wonder if the Gov isn’t working with them for some recourse.
that’s what i was trying to ask in the other thread. i understand that this is a large dos attack and many sites were affected…but why is fb (maybe because it’s been established longer, but that shouldn’t be a reason) not down and twitter is? so i was asking if the point was always to hobble twitter all along. so is the attack equally to all these social media websites or is it mostly directed at getting twitter to lose it’s capabilites or was twitter the most affected BECAUSE of it’s security infrastructure uhm and maybe it’s lack of preventions set up for attacks of this nature. i understand from what was said in the two previous twitter threads that you can’t prevent a dos attack and there’s no guarantee that preventions work/will work.
lmao. hey don’t mess with twitter
Cyberwar with psych dimension and a big pushback after the twitter revolutions. When the State Dep mentioned it during #gr09, they signaled its strategic value as a target and should have moved to decentralized it.
where do I contribute so the DDoS’ers can increase the attack to 100 times…
putting Shitter out of business for good would be such a great service for humanity. Taking Fecesbook out would be icing on the cake.
Lex. Dude.. go away.
Ahhhh your cool……Lex do you prefer Butthead or Beavis?
dude, Beavis. Butthead takes himself too seriously.
Wonder why Twitter doesn’t use IG2000 from http://www.intruguard.com
That’s a great solution we have been using for DDoS mitigation and know many social networking sites that use it…
For the record, Twitter is still dead for me. I can load profiles just fine but tweeting hangs without posting.
I’ve said it now once and I’ll say again that the Internet’s got to rethink its strategy here, where the thugs can literally knock out a significant communication mechanism. Eastern Europe’s got us by the balls
http://www.malc...ersus-thuggery/
Its actually interesting to learn about Twitter DOS attacks.
yeah. maybe if i was a twitter user i wouldn’t like this at all but it’s all interesting to me. everything is good if you can continue to learn, which i am.
i should’ve just said it seems that non social media users & social media users can or cannot be interested.
i don’t use any social media websites but i’m interested either way.
If you really want to make someone’s life a living hell, just massively report them as spam. There is no reason to take an entire site down just for one person. It seems like a lot of trouble just to get one person. Mixcloud was down yesterday too. I didn’t even hear about it in the news anywhere.
Except by taking the site down, you send a message to their followers/friends/supporters.
It was inevitable that we would eventually see these kinds of attacks on social networking sites. I love Twitter (my personal learning network, water cooler, and help desk) and Facebook (keeping in touch with friends old and new, family, colleagues, and online co-edubloggers), but I don’t expect these sites to be functioning 24-7-365 because I know that eventually there will be an attack or some other tech issue that results in downtime.
I think some of the news commentary that made fun of Twitter users was uncalled-for and juvenile. Not everyone panicked when it went down. Sure, it was inconvenient, but many of us had backup plans for staying in touch with anyone that we really needed to stay in touch with.
We should upgrade our online security systems because any online terrorist can spoil our online digital property.
What are you planing about your online security for your blog or website?
i heard this on the radio for my local and also on radio netherlands and other world radio stations. they all kept pronouncing the bloggers name wrong, which was amusing. who is this cxymu person…and why is he/she/it being attacked by russians (i know about the conflicts between the two countries/people, but can it be for other reasons)? so cxymu is georgian? this all seems pretty childish to me but who am i to talk. i can’t believe this is how people act. i guess this is what happens nowadays though.
Twitter and FB are just that – TOYS. They are not useful for any serious business because they’ve been built as TOYS.
Another stupid toy like that is the so called ‘Open ID’. It won’t stand the first blow of the wind in a business-environment.
also with the radio update i heard there was an interview with a tech guy who said he had been at a social media forum security forum and while he was online tweeting, another atendee came up to him with his twitter password. he still sounded a little bit shocked saying that but he said more than once that twitter security is not good. so i guess the word is out.
i just read this link someone posted, barrett lyon, in the previous thread that helped me understand this more.
http://www.blyo...wn-due-to-ddos/
and the pic he used was pretty funny. good design.
Guys, this is serious! Someone’s trying to kill Twitter!
I’m afraid, so very afraid… If they can kill Twitter, what chance will I have? Or my children and their homely friends?
Someone call Keanu Reeves. This is getting out of hand.
Twitter Marketing Credit Card Statement:
A plug on Oprah: ~10 million dollars
Twitter use in the Whitehouse: 40 million dollars
Being blocked in China: 50 million dollars
A DDoS attack by “terrorists”: Priceless
Please stop the Twitter attacks. Please.
If you ask me the attacks are politically motivated. They want to close down twitterspam.
Freedom of speech is at stake here.
I hope they close Twitter down for good. Enough is enough. If you build a business model around spam a.k.a Techcrunch and CNN, this is what happens.
So be forewarned folks.
correction: a.k.a @techcrunch and @cnn
What, what? Geopolitical Attacks?! LOL You have to be kidding!
Sounds like a bunch of script kiddies who found out how to coordinate an ICMP flood. GG nubs.
However, if they actually mean business, then that pile of horseshit Twitter will finally be wiped off the map.
I actually find it funny that people are frightened for such a shitty “service” which is really nothing more than a poorly written messaging toy.
Honestly, I am so tired of hearing about anything related to Twitter
If it can happen to them, it can happen to just about anyone. That is the issue IMO. The internet and specificially communication sites, were turned off like a light switch.
Democracy is founded upon communication – the more communication, the more difficult it is for autocrats to impose their will on the populace. Any attack on forms of communication is an attempt to suppress free speech and should be opposed. Even if you despise Twitter/FB and all other social media, you should recognize that and take it seriously. I don’t think those of us in the US really comprehend what it means to be censored.