In Twitter’s case, the culprit has been confirmed as a denial-of-service attack. A note on the Twitter status page states “we are defending against a denial-of-service attack“. There is no word yet on the cause of the LiveJournal and Facebook issues that have been reported. Needless to say, the fact that three popular social networking services are all having a bad morning hints at the possibility that the most important parts of the social internets are under siege.
Denial-of-service attacks are nothing new, of course. They’ve brought many a site down and have even been used as a bargaining chip for extortion attempts. So it’s not entirely surprising that someone has turned their attention to Twitter and possibly other popular social networks.
The apparent effectiveness of the attack in knocking Twitter out (Twitter is still unconscious) would indicate that Twitter is facing a distributed denial of service attack in which the culprits use multiple distributed sources to slam a particular system or network. Given the prevalence of large-scale botnets in the hands of troublemakers and internet criminals today, such distributed denial of service attacks can be extremely difficult to defend against.
Of course, using botnet resources to bring Twitter down isn’t exactly a profitable use of a botnet (unless there’s some sort of back story here) so this doesn’t happen every day but today’s event does highlight the vulnerability just about every website is exposed to. The economic liabilities associated this vulnerability are significant; even if you’re not making lots of money (a la Twitter), downtime has other consequences (decreased user loyalty, loss of reputation, etc.).
Let’s hope that Twitter recovers soon so that time can restart and let’s also hope that the incidents with LiveJournal and Facebook are completely coincidental.