www.herald-journal.com
Denial of service attack shuts down popular social networks

August 17, 2009

by Mark Ollig

Anybody else go through Twitter and FaceBook withdrawal a couple of weeks ago?

As you know, both of these online social networks were the targets of DDoS (Distributed Denial of Service) and DoS (Denial of Service) attacks.

This cyber attack was able to bring down the popular Twitter web site by overwhelming the site’s computer servers with millions of simultaneous and repeated page view requests.

The number of requests coming in all at once made it impossible for Twitter’s servers to handle the traffic load and so it eventually made the web site unreachable.

Distributed Denial of Service attacks are typically carried out by what is commonly called a “botnet” (roBOT NETwork).

A botnet consists of a large number of “zombie compromised computers” that are used to create and send spam or viruses, or flood a network with messages, such as denial of service attacks.

Botnets are also known as a “zombie army.”

Here’s the thing, whenever you type in a URL address on your web browser window, send a tweet over Twitter, perform a Google search or pretty much anything else you do over the Internet, you are sending a request to a web site operating on a computer server. The computer server processes your request and returns the result back to your browser.

Now, picture an extremely large army of “zombie computers” under botnet control, sending millions of “requests” which contain assorted searches and constantly repeated requests – simultaneously and at maximum speed – to the targeted web site’s computer server. In the case of the Twitter, one can think of millions of tweet messages being requested and sent.

The targeted computer server’s processors can become overwhelmed and the server may eventually crash, as was the case with Twitter.

CNET News stated the perpetrator was a certain blogger with the account name of “Cyxymu,” who had set up user accounts on all of the different sites that were attacked at the same time. This is according to Max Kelly, who is the chief security officer at Facebook.

“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Kelly said. “We’re actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can.”

“The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources,” Kelly said. “If they’re asking our infrastructure to generate hundreds of pages a second, that’s a lot of pages our users can’t see.”

Kelly declined to guess who was behind the attack, but he did say, “You have to ask, who would benefit the most from doing, this and think about what those people are doing and the disregard for the rest of the users and the Internet.”

The social networks targeted by this blogger were Facebook, LiveJournal, Google’s Blogger, YouTube, and of course, Twitter.

Twitter suffered a total site outage and Facebook also had major problems being accessed by its users.

I use Twitter every day, and found I was unable to access it the morning of Aug. 7.

Twitter was under a cyber attack.

The Twitter cyber attack was very complicated. It was not just a DDoS; it was a DNS (Domain Name Server) DDoS Amplification Attack.

To get the details on what a DNS DDoS Amplification Attack is, check out this shortened URL link to an article from the Watchguard web site: http://tinyurl.com/okfodt.

Another link which shows a cool graphic and briefly explains DDoS and DoS can be found at http://tinyurl.com/kkv9fu.

In researching these DDoS attacks on web sites, I learned computers which have been affected by viruses or other malware (malicious software) are instructed by the botnet infected computers to visit specific web sites – constantly – without stopping.

This bombardment of constant connection requests may eventually overpower these targeted web sites; making it so genuine web traffic (you and I) can’t get through to them. We would be seeing a message saying “Error Code 10060: Connection timeout,” or some similar network message.

Such a coordinated attack usually requires the efforts of tens of thousands or more of hijacked computers, which together form the botnet I mentioned earlier.

Facebook and Google were able to minimize any crashes to their web sites, including Google’s Blogger, YouTube, and Google Sites, (Google’s free web site service).

As I write this column around noon Aug. 11, I glanced at my news pod and just learned Twitter is once again inaccessible due to a site outage. Twitter did confirm this as another DDoS attack.

Update: I was able to access Twitter late in the afternoon Aug. 11. Twitter send out this tweet to all of us users, “We’re back up and analyzing the traffic data to determine the nature of this attack.”

This week’s “Web Site of The Week” forum will feature more information about the recent Twitter outages and other DDoS attacks which have occurred on the Internet.