A View from Robert Lemos

Forensic Analysis Reveals Details of Twitter Attack

New evidence shows the assault resembled a conventional denial-of-service attack.

  • August 11, 2009

There has been speculation that the attack on Twitter consisted of a widely distributed e-mail containing links to the Twitter page of a blogger from Georgia (the former Soviet state).

Yet, based on available data, that theory doesn’t seem to hold up. The attack may have been designed to silence the blogger, but it is unlikely that the spam traffic amounted to much of a denial-of-service attack, according to network-traffic patterns seen by Arbor Networks, a networking services vendor. According to the company, the attack resulted not from users clicking through a link in an e-mail, but from two common types of packet floods used in more conventional denial-of-service attacks.

“The attack traffic is not an e-mail click but SYN floods and UDP floods going to Twitter’s space,” says Craig Labovitz, chief scientist for Arbor. “It’s stuff that does not look like it was directly tied to a click-through or e-mail attacks.”

Early on Thursday, Arbor’s network of Internet sensors could tell that traffic to Twitter had dropped by half. While the company collected a dozen or so examples of attack traffic, it cannot tell from which sources the traffic came, Labovitz says.

Moreover, if the attack’s origin had been widespread, such as when millions of people click on links in e-mail messages, then the firm should have seen an increase in traffic to Twitter, not a decrease. The drop in traffic witnessed by Arbor and other network monitoring services indicates that the attack came from a smaller number of computers that were, in general, not visible to the vendors.

Of course, there are caveats. The link in the e-mail could have exploited an application issue in Twitter’s site to consume an inordinate amount of resources per click-through. Alternatively, Arbor and other vendors could have failed to monitor the specific paths to Twitter through which the attacks were routed.

“Without more details, it is possible that it went along paths that we were not monitoring,” acknowledges Labovitz.

Why wasn’t Facebook as affected by the attacks as Twitter? The company has a much more robust infrastructure consisting of an Akamai-like distributed hosting service and crunches a lot more bandwidth than Twitter, says Labovitz. While Twitter typically maxes out at 300 gigabits per second, Facebook accounts for 0.5 percent of the bandwidth of the entire Internet, he says.
