'Massive attack' strikes websites - 7th Aug 2009 12:55pm
'Massive attack' strikes websites
High-profile websites including Google, Facebook and Twitter have been targeted by hackers in what is described as a "massively co-ordinated attack".
![[Linked Image]](http://1.2.3.12/bmi/newsimg.bbc.co.uk/media/images/46170000/gif/_46170943_social_media226.gif)
Reports suggest the strike may have been aimed at a single user, pro-Georgian blogger known as Cyxymu.
Twitter was taken offline for more than two hours whilst Facebook's service was "degraded", according to the firms.
Google said it had defended its sites and was now working with the other firms to investigate the attack.
"Google systems prevented substantive impact to our services," the company said in a statement.
The company has not confirmed which services were targeted in the attack, but it is thought that its e-mail service Gmail and and video site YouTube were under fire.
"We are aware that a handful of non-Google sites were impacted by [an]... attack this morning, and are in contact with some affected companies to help investigate this attack," the company said.
Other sites such as blogging platform Live Journal were also reportedly targeted in the attack on Thursday.
Twitter co-founder Biz Stone wrote on its own blog: "Twitter has been working closely with other companies and services affected by what appears to be a single, massively co-ordinated attack."
He said that the motivation for the attack was unclear and that the company would "prefer not to speculate".
However, Max Kelly, chief security officer at Facebook, told technology website CNET News that the attack was a strike targeted at a Georgian blogger known as Cyxymu.
"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," he told the website.
Writing on his blog, Graham Cluley of security firm Sophos said: "This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble, forcing us to ask serious questions about the site's fragility."
Spam attack
The popular sites were subject to a so-called denial-of-service (DOS) attacks on Thursday, the companies believe.
DOS attacks take various forms but often involve a company's servers being flooded with data in an effort to disable them.
"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users," wrote Mr Stone.
These often use networks of computers - known as botnets -under the control of hackers.
The strategy is often employed by protestors against, for example, government websites, said Roger Thompson, chief research officer at security firm AVG.
"Those behind this latest attack may be using it as a means of highlighting the vulnerability of the sites we take for granted.
"There is no profit to be made from DOS and those who do carry out an attack like this will lose their botnet, showing there is no gain to be had."
Some unconfirmed reports have suggested that it was not a DOS attack but the result of a spam campaign containing links to Cyxymu's web pages on the various affected services.
Archived pages on Cyxymu's blog claim he was victim to this sort of attack, known as a "Joe Job".
But Mr Cluley said he didn't think that was a likely scenario. "Most people wouldn't have bothered clicking on the link," he wrote.
"However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn't responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DOS from their botnet."
Protest tool
All of the affected services were keen to stress that user's data had not been put at risk in the attacks.
"Please note that no user data was compromised in this attack," wrote Twitter's Biz Stone.
"This activity is about saturating a service with so many requests that it cannot respond to legitimate requests thereby denying service to intended customers or users."
Twitter has had a meteoric rise since its launch in 2006.
A ComScore study suggests that Twitter had around 45 million users worldwide as of June 2009.
However, as many users interact with the service through mobile phones or third-party software, the actual number of users is likely to be higher.
However, that pales in comparison to Facebook, which claims to have 250m active users worldwide.
Both recently garnered worldwide attention when they were used by Iranians to co-ordinate demonstrations following the election of Mahmoud Ahmadinejad as president.
Many protesters believed there was electoral fraud and opposition leader Mir Hossein Mousavi should have won.
Twitter chose to delay upgrade work during the protests to allow communication to continue.
In a BBC interview, co-founder Evan Williams denied the move had been a response to a US state department request.
THE BBC.CO.UK
High-profile websites including Google, Facebook and Twitter have been targeted by hackers in what is described as a "massively co-ordinated attack".
Reports suggest the strike may have been aimed at a single user, pro-Georgian blogger known as Cyxymu.
Twitter was taken offline for more than two hours whilst Facebook's service was "degraded", according to the firms.
Google said it had defended its sites and was now working with the other firms to investigate the attack.
"Google systems prevented substantive impact to our services," the company said in a statement.
The company has not confirmed which services were targeted in the attack, but it is thought that its e-mail service Gmail and and video site YouTube were under fire.
"We are aware that a handful of non-Google sites were impacted by [an]... attack this morning, and are in contact with some affected companies to help investigate this attack," the company said.
Other sites such as blogging platform Live Journal were also reportedly targeted in the attack on Thursday.
Twitter co-founder Biz Stone wrote on its own blog: "Twitter has been working closely with other companies and services affected by what appears to be a single, massively co-ordinated attack."
He said that the motivation for the attack was unclear and that the company would "prefer not to speculate".
However, Max Kelly, chief security officer at Facebook, told technology website CNET News that the attack was a strike targeted at a Georgian blogger known as Cyxymu.
"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," he told the website.
Writing on his blog, Graham Cluley of security firm Sophos said: "This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble, forcing us to ask serious questions about the site's fragility."
Spam attack
The popular sites were subject to a so-called denial-of-service (DOS) attacks on Thursday, the companies believe.
DOS attacks take various forms but often involve a company's servers being flooded with data in an effort to disable them.
"Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users," wrote Mr Stone.
These often use networks of computers - known as botnets -under the control of hackers.
The strategy is often employed by protestors against, for example, government websites, said Roger Thompson, chief research officer at security firm AVG.
"Those behind this latest attack may be using it as a means of highlighting the vulnerability of the sites we take for granted.
"There is no profit to be made from DOS and those who do carry out an attack like this will lose their botnet, showing there is no gain to be had."
Some unconfirmed reports have suggested that it was not a DOS attack but the result of a spam campaign containing links to Cyxymu's web pages on the various affected services.
Archived pages on Cyxymu's blog claim he was victim to this sort of attack, known as a "Joe Job".
But Mr Cluley said he didn't think that was a likely scenario. "Most people wouldn't have bothered clicking on the link," he wrote.
"However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn't responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DOS from their botnet."
Protest tool
All of the affected services were keen to stress that user's data had not been put at risk in the attacks.
"Please note that no user data was compromised in this attack," wrote Twitter's Biz Stone.
"This activity is about saturating a service with so many requests that it cannot respond to legitimate requests thereby denying service to intended customers or users."
Twitter has had a meteoric rise since its launch in 2006.
A ComScore study suggests that Twitter had around 45 million users worldwide as of June 2009.
However, as many users interact with the service through mobile phones or third-party software, the actual number of users is likely to be higher.
However, that pales in comparison to Facebook, which claims to have 250m active users worldwide.
Both recently garnered worldwide attention when they were used by Iranians to co-ordinate demonstrations following the election of Mahmoud Ahmadinejad as president.
Many protesters believed there was electoral fraud and opposition leader Mir Hossein Mousavi should have won.
Twitter chose to delay upgrade work during the protests to allow communication to continue.
In a BBC interview, co-founder Evan Williams denied the move had been a response to a US state department request.
THE BBC.CO.UK
thats what I thought
