Twitter was left inaccessible for around three hours after it was hit by a direct denial-of-service (DDoS) attack.
The micro-blogging site was inaccessible from around 2pm BST until around 5pm to its users, when it was hit by an ongoing DDoS attack. Access is extremely limited with entry via web and smartphone applications both slow and often failing.
Founder Biz Stone confirmed the attack on his blog, claming that the site was a target on ‘this otherwise happy happy Thursday morning'.
Stone said: “Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users. We are defending against this attack now and will continue to update our status blog as we continue to defend and later investigate.”
The Status Blog claimed at around 4pm BST that the site was down and the team was ‘determining the cause and will provide an update shortly'. It then updated with confirmations that it was defending against a DoS attack, and that it would ‘continue to defend against and recover from this attack'.
Graham Cluley, senior technology consultant at Sophos, said: “It seems to be that people are responding and can get back on although we don't think that it will recover fully for a few hours. It wouldn't surprise me if it is not good for a while though.
“We saw that it went down about three hours ago and it reminded me of the Gmail error from earlier this year which was human error, so unless someone unplugged it to use the hoover I can't see that this time. This was definitely external influence.”
He further claimed that it was not necessarily a Twitter user who hit the site, as it would be easy to use a botnet and launch a typical denial-of-service style attack.
Cluley said: “The feeling is that it could be political or even an Iranian attack, but I doubt that as it is more likely to be a kid in a bedroom showing off at what he can do. There is also the possibility that this could be financially motivated, with someone taking the site down and demanding a ransom to put it back on, but I doubt that too as I can't see Twitter paying money for that.”
Cluley claimed that Twitter will have to invest in some better protection to stop this happening again and there is third-party software that can protect, but that it would be very hard to prevent all DDoS attacks.