Windows

Why Twitter Was Attacked

Posted by on Aug 7, 2009 | 2 Comments

Q: Should I be concerned about using Twitter since it was attacked by hackers? – Julie

A: The recent shutdown of Twitter by what is referred to as a Distributed Denial of Service (DDoS) attack should not concern Twitter users from a security or privacy standpoint.

A DDoS attack is generally used to render a website useless because the attackers have an agenda that is served by wreaking havoc on the site. In most cases, it is financially motivated (blackmail) or cause motivated (we want you to change the way you do business, etc.), but we have yet to understand the motivation behind this attack.

Think of it as a very popular radio station contest that generates so many callers that no one can get through. A DDoS is simply the ability to get a large number of computers to all simultaneously bombard a single website with thousands of requests, which makes it impossible for regular traffic to get through (we all get a ‘busy’ signal).

Since Twitter was not the only site attacked, it’s very likely that someone was using this as a demonstration of a powerful ‘botnet.’

As we have discussed in this column before, botnets are a collection of infected computers that can be remotely controlled by a single computer to perform any instruction that is sent out.

Many of today’s viruses and worms are designed to slowly and silently ‘recruit’ agents for these networks as the larger the botnet, the more damage, spam, identity theft and other malicious activities it can generate.

This means that many of you that are reading this column are unknowingly participating in these attacks, because your computer has silently been infected and recruited as an agent on a botnet.

Once the network of compromised computers gets big enough, it’s offered out to the Internet underworld as a ‘rental by hour’ weapon to do whatever the renter wants to do with it.

My guess is that someone wanted to demonstrate the power of their botnet to potential customers and what better way to get lots of publicity than go after one of the hottest, most talked about websites in the world right now: Twitter.

Unless you have built a business around your ability to use Twitter, you shouldn’t really be too concerned about the attack as DDoS attacks of various forms have been going on for over a decade.

Past high profile DDoS attack victims include CNN, Yahoo, E-bay & Microsoft just to name a few and these types of attacks will continue to plague the Internet.

The real awareness from this event should be that if we all made sure that our computers were kept up-to-date and avoided dangerous activities that expose us to becoming a silent agent, these types of attacks would be less likely.

Unfortunately, far too many Internet users are ‘asleep at the wheel’ when it comes to keeping their computer maintained and protected from the daily threats.

You are most likely to become infected by a botnet agent if you don’t relentlessly keep your operating system (Windows, MacOS, etc.) and anti-malware programs up to date and especially if you are careless about what you click on or download (fake video scams are very popular at the moment).

Users of file sharing networks, adult content sites, crack code sites or any of the fringe activities on the Internet are at a much higher risk of being infected as what you think you are downloading or viewing is distracting you so the agent can slip in behind the scenes.

As I have said for years, if you live in a household with high-speed Internet and teenagers, you better make extra sure you understand what kind of activity is taking place on your computers.

Hackers know that teenagers are fearless on the Internet and the they always look to get something for nothing, so they plant infected files all over the Internet where they know teens like to congregate.

Botnet agents are very good at hiding from your security software, so in addition to keeping everything updated, if you notice that your computer’s hard drive light or Internet activity lights are constantly flashing when you aren’t doing anything, have a technically experienced person ‘take a look under the hood’ to make sure that you aren’t unknowingly part of a botnet.

Ken Colburn
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Weekly video tech contributor to CNN.com
Host of the award-winning “Computer Corner” radio show

  • http://Thecaptainsquarters.co.cc CaptainZM

    I’m 19 and I understand proper security. my brother on the other hand is only a year younger and is pathologically retarded when it comes to security. The Firewall gets turned off because it “Slows down his game.” So rather than just assume the basic defense I set up is doing its job and only doing a weekly scan, My AVG runs every night at midnight checking to make sure he didn’t fuck anything up.

    On another note, Twitter getting DDOS’d is hilarious, because like Myspace, people will be at a loss at what to do when their precious time waster is gone.

  • Sean

    Err, DDoS doesn’t need any skills, probably a noob… The only thing that the person needs is just a cool way to spread files which are 7 KBs…or so… :

    Eh.