DoS attack against Twitter and other social networking sites

Are you a regular Twitter user? If so you know about the DoS attack (Denial of Service attack) or DDoS attack (Distributed Denial of Service attack) directed at Twitter and other social networking sites. From August 6th, 2009 onwards, I have been trying to post some tweets and reciprocate to some of my followers. But nothing has been working till the time of writing this post.

From news sites I understood about the DoS or DDoS attack on the same day and read on newspapers the next day. The attack seems to be one of the biggest in recent times, as it has paralyzed Twitter and affected other social networking sites such as LiveJournal, Facebook, Blogger, etc. Blogger was the least affected as Google’s preventive measures could stop the attack. Others too came back on service soon while the attack that caused a blackout of Twitter for about two hours is still crippling Twitter that expects to be normal soon.

The DoS attack was aimed at a single individual, a pro-Georgian activist and blogger known as Cyxymu, who has a presence on a number of sites, including Twitter, LiveJournal, Facebook, Blogger, etc. So the attack appears to be directed at him rather than the affected sites themselves. Reportedly, a bot was directed to request his pages at such a fast rate that it impacted service for other users and drove the servers of the affected sites on the verge of collapse.

"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways and, in this case, Twitter, for intended customers or users," Twitter co-founder Biz Stone wrote on his blog.

The microblogging service site Twitter has had a meteoric rise since its launch in 2006 with about 45 million users worldwide as of June 2009. The actual users’ number is likely to be higher as they interact with Twitter through mobile phones or third party software. But still it is much less in comparison to Facebook, which claims to have 250 million active users worldwide.

Both Twitter and Facebook were recently in worldwide attention when they were used by Iranians to co-ordinate demonstrations following the disputed election of Mahmoud Ahmadinejad as president, and as many Iranian protestors believed there was electoral fraud and that opposition leader Mir Hossein Mousavi should have won the elections.

Typically a DoS attack or DDoS attack aims at making server resources unavailable to actual users. Sometimes they target sites or services hosted on high profile servers such as banks, credit card companies, and other sensitive services. In DoS attacks, the miscreants use a bot or malware (malicious software) to flood the targeted server with service requests so that the usual users are denied service. In DDoS, the attacker may take advantage of internet security vulnerabilities of a user’s computer by planting a bot or malware hidden in free downloads. These user’s computers are then used by the attacker to launch attacks on targeted websites.

Mostly attackers flood the target servers with service requests massively so that servers cannot respond to legitimate traffic. DoS attacks are also aimed at either forcing the targeted machines to reset, or consume its own resources so that it can no longer provide any service.