How Did Hackers Cripple Twitter?

Hackers slowed Twitter to a standstill early on Aug. 6, frustrating millions of users. For the culprits, all it took to snarl the popular social-networking site was one of the oldest tools in the Internet hacker handbook: the Distributed Denial-of-Service (DDoS) attack, a method that has been used in the past to crash some of the Web’s largest sites, including Yahoo! and CNN.

DDoS attacks are surprisingly low tech. Using a network of computers controlled by a single master machine, the hacker tries to overwhelm a website’s servers. It’s a brute force approach — the network of hacker-controlled computers floods the server with requests for data until the server overloads and comes crashing down. Graham Cluley, a computer security expert, likened the attack to “15 fat men trying to get through a revolving door at the same time.” The attacks do no lasting damage — user data isn’t compromised and the site isn’t down for long. Once the fat men stop rushing the doors, everything returns to normal.

Adding to the chaos is the fact that “zombie” computers often show no signs of being infected. Hackers look for computers with security vulnerabilities and infect them in advance of an attack. When the hackers are ready to launch the assault, the master computer awakens its zombie army and the attack begins. Because DDoS utilizes multiple computers from multiple locations — and because hackers may only use their network for a single attack — there’s no way to protect against a seemingly random array of computers suddenly going rogue. Once the attack begins, websites can try to trace the sudden flood of traffic back to the source computers and filter it out, but even that’s a complex process. Internet service providers say they’re rarely able to identify the master computer behind a DDoS attack.

This method of causing computer chaos has been used at least as far back as 1998, when the first software tools were developed to assist in DDoS attacks. But the attacks didn’t garner much attention until 2000, when Amazon, eBay, Yahoo! and CNN were brought down in a single week by a Canadian teenager. They’ve been a scourge ever since, and have even been employed in cyber-warfare. During the war between Russia and Georgia last year, hackers brought down several Georgian websites using a DDoS attack. And in the aftermath of Iran’s tumultuous election in June, several international computer networks were trained to take down sites belonging to President Mahmoud Ahmadinejad.

While some Facebook services were unavailable early Aug. 6, Facebook officials said it wasn’t immediately clear if this was related to the Twitter attack.
