DDoS attack that downed Twitter also hit Facebook
While Twitter was knocked offline this morning, Facebook fared better against the assault
Computerworld - The same denial-of-service attack that took down Twitter this morning also slammed Facebook but with much less dramatic results.
Facebook noted on its site this afternoon that it too was fending off a distributed denial-of-service attack that was slowing its site. Unlike Twitter, which was down for two hours this morning, Facebook remained online.
"You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack," the company wrote. "We have restored full access for most people. We'll keep monitoring the situation to make sure you have the reliable experience you expect from us."
Web site performance monitor AlertSite reported that Twitter's site wasn't back 100% until 2 p.m. EDT. AlertSite also noted that Facebook appeared to suffer little more than a few sporadic errors. Facebook's availability was at 97% at 10 a.m. when the attack was underway, and it was up to 100% availability soon after that.
While there's little more than online chatter and guesswork about the origins of the attacks, security analysts say the incident raises red flags that two giant Internet companies, like Twitter and Facebook would be hit in the same assault.
Randy Abrams, director of technical education at ESET, an IT security company based in Bratislava, Slovakia, said his best guess is that a major botnet herder was offering a demonstration of the power of his botnet to a potential client with a major target in mind.
"They could have been saying, 'Look what I can do to Twitter. I think my botnet can handle whatever you want it to do,'" said Abrams. "I'd put my money on this being a demonstration, a show of force, by someone looking to hire out their botnet."
Graham Cluley, senior technology consultant for Sophos, told Computerworld that whoever launched the attacks should beware the clout of those he's going after.
"Anything is possible, and we could make guesses like this until the cows come home ... We simply don't have enough information yet to be certain as to what the motivation was," he said. "One thing is certain -- if they did do this as a demonstration of how powerful their botnet is, they've just made themselves some new and angry enemies in the shape of some major Web 2.0 companies. I wouldn't be surprised if the computer crime authorities put some serious effort into trying to track down whoever was responsible. After all, if they can bring down social networking sites they can bring down banking sites."
Cluley also said it's not yet clear why Facebook faired so much better than Twitter. It could have been that the bulk of the assault was aimed at Twitter or that their defenses simply weren't as tough.
The attack against Twitter brought the site down between 9 a.m. and 11 a.m. EDT this morning. This afternoon, the microblogging site was still struggling with slowdowns and interruptions caused by the assault.
"As we recover, users will experience some longer load times and slowness," Twitter reported in its status update at 12:46 p.m. EDT. "This includes timeouts to API clients. We're working to get back to 100% as quickly as we can." The company had not posted another update by 3:30 p.m.
Oddly enough, even though the attack hit both Twitter and Facebook, while Twitter was down, frustrated users vented on Facebook. One Facebook user noted, "Suffering tweet withdrawal."
Security Alert
- Whoops! Microsoft leaks patch info four days early
- Researcher raps Apple for not blocking stolen SSL certificates
- Mac OS X can't properly revoke dodgy digital certificates
- Hackers may have stolen over 200 SSL certificates
- Apache patches Web server DoS vulnerability
- Google one of many victims in SSL certificate hack
- Hackers stole Google SSL certificate, Dutch firm admits
- Spike in mobile malware doubles Android users' chances of infection
- Microsoft patches critical Outlook drive-by bug
- 9 security suites: maximum protection, minimum fuss
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Reducing the Cost and Complexity of Web Vulnerability Management
- Hackers and cybercriminals are constantly refining their attacks and targets; which means you need agile tools to stay ahead of them.
Download this... - Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Malware and Vulnerabilities White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Malware and Vulnerabilities Webcasts