Hackers attack Twitter; Facebook also slows

NEW YORK — A hacker attack today shut down the fast-growing messaging service Twitter for hours, while Facebook experienced intermittent access problems.

Twitter said in its status blog this morning it was “defending against a denial-of-service attack,” in which hackers command scores of computers to a single site at the same time, preventing legitimate traffic from getting through.

The fact that a relatively common attack could disable such a well-known Web site shows just how young and vulnerable Twitter still is, even as it quickly becomes a household name used by celebrities, large corporations, small businesses and even protesters in Iran.

“Clearly they need a stronger infrastructure to be able to fight this kind of attack,” said Graham Cluley, senior technology consultant at computer security firm Sophos. Twitter’s tech support teams, he added, “must be frankly out of breath” trying to keep up with the site’s enormous growth.

For Twitter users, the outage meant no tweeting about lunch plans, the weather or the fact that Twitter is down.

“I had to Google search Twitter to find out what was going on, when normally my Twitter feed gives me all the breaking news I need,” said Alison Koski, a New York public-relations manager. She added she felt “completely lost” without Twitter.

The Twitter outage began at about 6 a.m. PDT and lasted a few hours.

Facebook, whose users encountered intermittent problems this morning, was also the subject of a denial-of-service attack, though it was not known whether the same hackers were involved. Unlike Twitter, Facebook never became completely inaccessible. Facebook said no user information was at risk.

By early afternoon both Twitter and Facebook seemed to be functioning, giving cubicle-bound social media addicts a collective sigh of relief. Twitter warned, though, that as it recovers, “users will experience some longer load times and slowness.”

Technology business analyst Shelly Palmer told AP Radio that denial-of-service attacks are a reality of the information age.

“People tend to want to take sites that are very public and go after them,” said Palmer, managing director of Advanced Media Ventures Group. “In fact you’d be surprised how many sites for major companies are really attacked on a daily basis. This is a crime, it’s a real crime and it should be treated that way.”

Earlier this week, Gawker Media, which owns the eponymous media commentary blog and other sites, was also attacked. In a blog post, Gawker said Tuesday it was attacked by “dastardly hackers,” leading to server problems that caused network-wide outages Sunday and Monday. It was not immediately clear whether those attacks were related to Twitter’s.

Today’s was not the first — and likely not the last — outage for Twitter.

In addition to planned maintenance outages, overcapacity can cripple Web sites, especially such fast-growing ones as Twitter and Facebook.

In fact, service outage on Twitter once were so common that management began posting a “Fail Whale” logo on the Web site to signal when the service was down. The logo featured a whale being hoisted above the water by a flock of birds.

Millions of Twitter users aren’t familiar with the 3-year-old service’s history of frequent outages because they began tweeting in the past six months, around the same time that the San Francisco-based company had was spending more money to increase its computing power and reduce the disruptions. With the added capacity, the Fail Whale rarely surfaces any more.

Even so, the entire site being down means Twitter hasn’t put enough measures in place to prevent such an attack, Cluley said. This could include working with Internet service providers to filter potentially malicious requests from legitimate ones, as well as having dispersed servers around the world.

Denial-of-service attacks are typically carried out by “botnets” — armies of infected computers formed by spreading a computer virus that orders compromised machines to phone home for further instructions. They are typically used to send out spam or steal passwords, though some can be commanded to overwhelm Web sites.