Update: Twitter limps back to life after DDoS attack

Computerworld - After being knocked offline for about two hours this morning, Twitter warned users that its site still wasn't fully back up to speed.

Twitter went down around 9:05 a.m. ET, according to figures from AlertSite, which tracks Web site performance. The company also noted that Twitter started to come back online around 11 a.m. but only had 40% availability at that time. The microblogging site was more fully operational by 11:30 a.m.

Twitter confirmed this morning that the site had been taken down by a distributed denial-of-service (DDoS) attack.

"As we recover, users will experience some longer load times and slowness," Twitter reported in its status update. "This includes timeouts to API clients. We're working to get back to 100% as quickly as we can."

Twitter had noted the attack earlier in the day and said at the time that it was trying to defend itself.

Twitter co-founder Biz Stone showed his frustration with the situation in a tweet posted late this morning. "We had a lot of things we'd rather be doing this morning, defending against a DoS wasn't one of them," he wrote.

The outage left millions of Twitterers adrift this morning, with many taking to Facebook to voice their frustrations about not being able to post tweets or follow others. One Facebook user noted, "Suffering tweet withdrawal."

A distributed denial of service attack occurs when computers flood a Web site with requests for information -- effectively shutting it off from other legitimate traffic.

"It's a bit like 15 fat men trying to get through a revolving door at the same time -- nothing can move," said Graham Cluley, a senior technology consultant for Sophos, in a blog post. "Don't underestimate the impact an attack like this can have, by the way. Twitter isn't just about meaningless piffle, although there's a fair bit of that. Companies are using it to keep in touch with their customer base, and consumers take advantage of the site's intimacy to get an answer from large companies that are discovering how to have a 'human face' online."

Ken van Wyk, principal consultant at KRvW Associates and a columnist for Computerworld, noted that major Web sites are frequently hit with DDoS attacks but they rarely result in total outages.

"Most sites grow to a level of resiliency that is quite good, although certainly not perfect," said van Wyk, adding that the attacks are tough to defend against. "At some level, they're impossible. Although TCP/IP and our modern networks are pretty robust operationally, overwhelming a data pipe with vast amounts of data can still be an effective denial-of-service attack.

"Very large enterprises are quite good at getting huge data pipes and distributing their processing at geographically -- including network geography -- disperse locations," he said. "These things all make DDoS more difficult to accomplish, but not impossible."

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.