The U.S. Computer Emergency Readiness Team says it's impossible for Web developers to fully
prevent such attacks.To protect their computers, consumers should update anti-virus software, create passwords that are difficult to crack and maintain computer firewalls, the agency says.
Twitter hit by denial-of-service attack
By John D. Sutter
CNN- Internet attacks shut down the social networking site Twitter for about two hours on Thursday morning and caused glitches in other sites like Facebook and LiveJournal, a blogging site.
Some Twitter users expressed near-panic that the site was not working properly Thursday.
It's unclear if the attacks were coordinated against the social media sites.
Twitter says its site's blackout was caused by a "denial of service attack," which likely means a hacker used a herd of infected computers to send bad information to the site to overwhelmed it.
A post to Twitter's blog said its Web site was back online before noon ET, but the site's users still were reporting problems.
"We are continuing to defend against and recover from this attack," the message from the company says.
Facebook and other social networking sites appeared to be affected by Twitter's shut-down, too. Twitter runs applications through those sites and there was speculation that the glitches were related.
"Earlier this morning, we encountered issues within our network that resulted in a short period of degraded site experience for some visitors," said Facebook spokeswoman Kathleen Loughlin.
"No user data was at risk, and the matter is now resolved for the majority of users. We're monitoring the situation to ensure that users continue to have the fast and reliable experience they've come to expect from Facebook," she said.
Twitter's site went down around 9:30 a.m. ET on Thursday and was back online by about 11:30 a.m.
It's unclear who plotted the attack against Twitter and what their motives may have been. Internet attacks sometimes hit Web sites as they become popular. Security experts say financial motives often are behind modern cyber-attacks.
Twitter -- a micro-blogging site where users post 140-character messages to their followers -- has soared in popularity in recent months. According to comScore, a Web tracking firm, the site had 44 million unique visitors in June.
Thursday's incident highlights the degree to which people depend on online social networks to feel connected to the world.
Some Twitter and Facebook users expressed near-panic that the sites were not working properly. Others reacted with ambivalence.
This is not the first time Twitter has been hit with a cyber-attack. Last month, a hacker broke into the personal Google accounts of Twitter employees, stealing personal information and company financial reports and posting them online.
In an e-mail to CNN.com, Twitter co-founder Biz Stone said that incident is not related to Thursday's security breach.
"There's no indication that this attack is related to any previous activities. We are currently the target of a denial of service attack," Stone said in the e-mail.
"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users. We are defending against this attack now and will continue to update our status blog as we defend and later investigate."
Don DeBolt, director of threat research at CA, a computer security company, said it's too early to tell who or what may be behind the Twitter attack.
But he said denial-of-service attacks target specific Web sites.
"To be effective, [these attacks] need to be focused on a Web site or a series of Web sites," he said. "It's not going to be something where malware (harmful software) is going to be deployed and then randomly attacks Web sites."
John Harrison, a researcher with Web security firm Symantec, said it is very difficult to learn the identity of the attacker, or attackers, as they could be anywhere on Earth and the infected network could span several countries.
Logging on to sites such as Twitter while they are under attack only makes the situation worse because it adds to the overloading of the system, he said.
The U.S. Computer Emergency Readiness Team says it's impossible for Web developers to fully prevent such attacks. But everyday computer users can ensure that their machines aren't used in a coordinated attack like the one seen Thursday.To protect their computers, consumers should update anti-virus software, create passwords that are difficult to crack and maintain computer firewalls, the agency says.