Sign of a massively coordinated distributed denial of service attack

Aug 7, 2009 08:32 GMT  ·  By
Massive distributed denial of service attack affects social networking websites
   Massive distributed denial of service attack affects social networking websites

Various social networking, blogging, and other popular services such as Twitter, Facebook, Blogger, LiveJournal, YouTube or Google Sites were the target of a massive DDoS attack yesterday, which impacted them in different ways. The intended target appears to have been a pro-Georgian blogger with accounts on all of the websites.

Twitter was the most affected service, experiencing intermittent downtimes for millions of users across the globe. "Site is down. We are determining the cause and will provide an update shortly," read an announcement posted on the Twitter status page. Another note posted a bit later made it clear that an attack was causing the problems.

The website was eventually back, but load times continued to be affected for most of yesterday. Third-party Twitter-related applications also had problems, as the Twitter API was unresponsive or was dropping requests.

"Over the last few hours, Twitter has been working closely with other companies and services affected by what appears to be a single, massively coordinated attack," Twitter co-founder Biz Stone wrote on the company's official blog. "Today's massive, globally distributed attack was a reminder that there's still lots of work ahead," he concludes.

Facebook was also hit, but its infrastructure allowed it to fend off the attack more easily. Nevertheless, Facebook users in some areas of the globe still experienced slowness and service degradation. "The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources. If they're asking our infrastructure to generate hundreds of pages a second, that's a lot of pages our users can't see," said Max Kelly, chief security officer at Facebook, according to CNET News.

Blogger, YouTube and Google Sites were targeted as well, but Google's cloud was able to handle the load successfully and with minimal impact on the quality of service. LiveJournal confirmed to PC Magazine that its site was hit and had some problems too, causing some pages to be inaccessible.

Facebook's Max Kelly revealed that the reason for the mysterious attack was a Georgian blogger calling himself cyxymu, who has accounts on all of these websites. The simultaneous hits were likely an attempt to silence him. "Unfortunately I was the target of attack. Offer our apologies to all," (translated) he writes on Twitter.

There is no information as to who might be responsible, but one thing's clear – to launch such a massive attack requires a huge amount of resources. If anti-Georgian hacktivists are behind this, they have proven their disruption abilities before, during the armed conflict between Russia and Georgia.

All affected companies are reportedly working together to investigate the incident. Cyxymu's LiveJournal page was still inaccessible for us at the time of writing this article.