August 8, 2009 in Business

Dispute caused Twitter outage

Attacks continuing on overseas blogger
Barbara Ortutay Associated Press

NEW YORK – The outage that knocked Twitter offline for hours was traced to an attack on a lone blogger in the former Soviet republic of Georgia – but the collateral damage that left millions around the world tweetless showed just how much havoc an isolated cyberdispute can cause.

“It told us how quickly many people really took Twitter into their hearts,” Robert Thompson, director of the Center for the Study of Popular Television at Syracuse University, said Friday.

Tens of millions of people have come to rely on social media to express their innermost thoughts and to keep up with world news and celebrity gossip.

Twitter “is one of those little amusements that infiltrated the mass behavior in some significant ways, so that when it went away, a lot of people really noticed it and missed it.”

The attacks Thursday also slowed down Facebook and caused problems for the online diary site LiveJournal. But Twitter, the 140-character-or-less messaging site used by celebrities, businesses and even Iranian protesters, suffered a total outage that lasted several hours.

Those attacks continued Friday from thousands of computers pummeling its servers, said Kazuhiro Gomi, chief technology officer for NTT America Enterprise Hosting Services, which hosts Twitter’s service.

Twitter crashed because of a denial-of-service attack, in which hackers command scores of computers toward a single site at the same time to prevent legitimate traffic from getting through. The attack was targeted at a blogger who goes by “Cyxymu” – the name of a town in Georgia – on several Web sites, including Twitter, Facebook and LiveJournal.

But they could have just as well targeted Twitter itself. That’s because the effects were the same whether the excess traffic went to the “” home page or to the page for Cyxymu at “” Same with Facebook and LiveJournal.

“A denial of service attack like this one is a very blunt instrument,” said Ray Dickenson, chief technology officer at Authentium, a computer security firm. It’s as if a viewer who didn’t like one show on a television channel decided to “knock out the whole station.”

Or like fishing with dynamite: You’ll catch something, but the blast will kill dolphins, sharks and other organisms, too.

Just who was behind these attacks is not yet clear, but the dispute was probably related to the ongoing political conflict between Russia and Georgia.

Gomi said the attacking computers were located around the world and the source of the attacks was not known.

The attacks seemed to come in two waves.

The first was a spam campaign consisting of e-mails with links back to posts by Cyxymu. This drove some traffic to the blogger’s postings on various social-networking sites, possibly to disparage him as the source of the spam.

The second and more destructive phase consisted of the denial-of-service attack, which attacked the sites’ servers by sending it lots of junk requests – presumably to prevent people from reading his viewpoints.

It would have been much harder for the perpetrators of the attacks to isolate Cyxymu’s accounts on each social-networking site and shut it down. To do that, they would have needed to access his password by guessing it or somehow luring him into giving it out.

The blunt approach was easier – and more damaging.

On Friday, the surge of traffic to Twitter was about the same as it was Thursday – as much as 20 percent above normal traffic levels. But Gomi said NTT was better able to filter out the fake traffic, which is why Twitter stayed online.

© Copyright 2009 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Thoughts and opinions on this story? Click here to comment >>

Get stories like this in a free daily email