Twitter explains Thursday outage

Exec says cascading bug, not a hack or anything else, knocked Twitter off the Web twice yesterday

A Twitter executive last night offered an explanation for the cause of an outage that twice knocked Twitter offline around the world on Thursday.

Twitter first crashed around 12:30 p.m. Eastern time on Thursday. The outage affected all platforms and took down both third-party and Twitter apps on the Android and iOS platforms.

The site returned around 1:15 p.m.

In a blog post on Thursday night, Twitter's vice president of engineering, Mazen Rawashdeh, said company engineers found a cascading bug in one of Twitter's infrastructure components. That means the bug didn't just hit one particular software element, but "cascaded" across the system, he said. "This wasn't due to a hack or our new office or Euro 2012 or GIF avatars, as some have speculated today," Rawashdeh added.

"One of the characteristics of such a bug is that it can have a significant impact on all users, worldwide, which was the case today. As soon as we discovered it, we took corrective actions, which included rolling back to a previous stable version of Twitter," he added.

A hacker group claimed to be responsible for Thursday's outages, but Twitter said that was not the case.

Shortly after the outage was fixed, Computerworld and other news organizations received an email from someone claiming to be a member of UGNazi, also known as the Underground Nazi Hacktivist Group. The email claimed that UGNazi took down Twitter with a distributed denial-of-service (DDoS) attack.

"Twitter supports the CISPA bill and we wanted to show what we really are capable of," the group said in a separate email.

That email was referring to a controversial cybersecurity bill known as the Cyber Intelligence Sharing and Protection Act. If enacted, CISPA would increase the amount of information that is shared between technology companies and the government.

Gartner security analyst Lawrence Pingree said UGNazi could have launched an attack on Twitter, but that may have only been coincidental.

"If a company is being taken down by a third party, I don't really see them blaming themselves," he said. "Are [hacking groups] capable? Yeah. Denial of service isn't something you can completely stop [but] it's hard to say if there was an attack."

Chet Wisniewski, senior security adviser at Sophos, is skeptical of UGNazi's claim.

"There is no reason to believe the outage was due to any activities by UGNazi or others who say they were responsible for the outage," said Wisniewski.

"Ultimately, the only organization that knows the truth is Twitter, and there is no reason to believe the statements they have made are not true," Wisniewski added. "It is difficult to determine the exact nature of the outage from the outside, but my personal experiences during the outage are more consistent with Twitter's explanation."

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, or subscribe to Sharon's RSS feed . Her e-mail address is sgaudin@computerworld.com.

Join the discussion
Be the first to comment on this article. Our Commenting Policies