Earlier today, social networking site Facebook and micro-blogging service Twitter were both hit by DDoS attacks. I’ve heard that the service on Facebook was significantly slowed, and that Twitter was totally inaccessible for a couple of hours and too slow to use effectively for a few hours after that. Both Twitter and Facebook believe that their services were hit by a Denial of Service attack, meaning that their servers were bombarded with data with the express intention of bringing them to a standstill. Facebook have since assured customers that their user data was not compromised and remains perfectly safe.
Speaking of Twitter, Graham Cluley from Sophos said,
“Clearly they need a stronger infrastructure to be able to fight this kind of attack.”
The timing of the attack against Twitter was, in some ways, ironic, as there has recently been a large amount of talk on the service about their new and improved security measures, designed to minimise the risk of users clicking on links to known malware sites. Considering that no user information was stolen, I have to wonder why someone, or a group of people, would have gone to the bother of using a botnet to initiate a DDoS attack against these sites.
All I can think of at the moment is that someone is looking to make a name for themselves or, alternatively, that they were looking to publicise the power of their botnet, something that could in fact earn them a significant amount of money from a suitably warped audience.
Why do you think Twitter and Facebook were targeted?