Technology

NEW YORK (WBZ) ― The battle may be over, but the aftermath is still affecting millions of Twitter users. Twitter's status blog reports service is still not up to the usual par.

Ashley Rosenberg uses Twitter to update her friends on what she's doing from minute to minute. She realized at 9 a.m. on Friday that the site was still cutting in and out, despite reports that it was back up and running.

"I use it for social purposes, but for people who use it for media and marketing and rely on it, it's not fair," Rosenberg said.

One Twitter user has even gone as far as to create a website that simply answers the question "Is Twitter Down?"

ATTACK AIMED AT OUTSPOKEN BLOGGER

It turns out Thursday's denial-of-service attack on Twitter, which also partially affected Facebook, was all aimed at one specific user, reports CNET.

A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google's Blogger and YouTube was targeted in a denial-of-service attack that led to the sitewide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.

The blogger, who uses the account name "Cyxymu," (the name of a town in the Republic of Georgia) had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Kelly said. "We're actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can."

Kelly declined to speculate on who was behind the attack, but he said: "You have to ask who would benefit the most from doing this and think about what those people are doing and the disregard for the rest of the users and the Internet."

Twitter was down for several hours beginning early Thursday morning, and it suffered periodic slowness and time-outs throughout the day.

Cyxymu's LiveJournal page wasn't accessible, but a cached version showed that it was updated on Thursday with a message about the denial-of-service, or DoS, attacks on his accounts on the United States-based sites. "Now it's obvious it's a special attack against me and Georgians," said the message, in Russian.

• Podcast: CNET Discussion On Malicious Web Attack

Rosenberg does not understand why Twitter is not protecting accounts belonging to political figures and celebrities especially.

"This is an example where the attacker wasn't fighting fair. They targeted one person and took down the whole website," she said.

The goal of any Denial of Service is to take out an online resource like a website or database, thus making it unavailable to other, legitimate users. The targets of these types of attacks are typically popular online destinations with many users & a lot to lose by being knocked offline.

Almost 90% of DDoS attacks involve sending a flood of external communication requests to the site's server that at first appear like legitimate traffic. The intent is to overwhelm the server's resources to such a degree that it can't respond to real requests made by real users, effectively rendering the site unreachable or so slow to respond as to be impossible to use for some period of time, denying them service, hence the Denial Of Service moniker.

Such coordinated attacks require the efforts of tens of thousands or more of hijacked computers, which together form a botnet. Spammers send e-mails with malicious attachments or URLs to millions of people to create botnets. Criminals also can lease existing botnets for specific campaigns for as little as 5 cents to 10 cents per bot.

A Facebook representative dismissed a theory that the attack was triggered by a spam campaign in which e-mails had links to the sites. It's unlikely that there would be enough recipients--all clicking on the URLs at the same time--to bring a site down, he said. There was a spam campaign that directed people to Cyxymu's accounts, but it wasn't the cause of the DoS, he said.

"The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources," Kelly said. "If they're asking our infrastructure to generate hundreds of pages a second, that's a lot of pages our users can't see."

Facebook and Google were able to minimize any impact to their sites, including Blogger, YouTube, and Google Sites, a free Web site service. Facebook even managed to keep the Cyxymu account accessible to Web surfers from that region, Kelly said, though it was inaccessible to people in other geographic areas, including San Francisco.

This was the first coordinated attack on the sites, and all the companies involved were working closely on the investigation, he said. "My team and the teams that are working together at all these companies are doing a really good job very quickly, and I'm proud and happy," he said.

Twitter and LiveJournal did not immediately return e-mails and calls seeking comment.

A Google representative offered this statement: "We are aware that a handful of non-Google sites were impacted by a DoS attack this morning and are in contact with some affected companies to help investigate this attack. Google systems prevented substantive impact to our services."

Political conflicts between Russia and its former republic spilled online last year with DoS attacks and Web site defacements going in both directions.

Denial of Service attacks are not new. There is a history of similar malicious activity stretching as far back as 2000 with DDoS attacks targeting some of the Internet's most popular sites: Yahoo, eBay, Amazon. Many times, web sites have experienced protracted outages over several days, with an estimated impact of as much as $1.7 billion in lost revenue and damages.

However, it is good to note that DDoS attacks are usually not the direct result of "hacking," "hacking" as a term means breaching a system through various means, a con job or a burglary of sorts. A DDoS attack is most often performed by an army of zombie computers programmed by a few individuals to bang on the a website's "front door" so overwhelmingly, that the site can't respond to legitmate "knocking."

Also worth noting is that these attacks are almost impossible to protect against, and still very tough to handle even once they're identified. Over time the methodologies have become sophisticated enough to make stemming the floodgates of incoming pings tricky even after a DDoS pattern is discovered. In other words, it's still largely a big game of cat & mouse, and depending where we are in the technology timeline sometimes the cat wins & sometimes it's the mouse. On Thursday, the mouse had the upper hand.

Elinor Mills contributed to this report.

(© 2010 CBS Interactive Inc. All rights reserved.)

WBZ's Most Popular

• Guess Who's Irish
• Flooding Rain Hits New England
• Hospital Stops Admitting New Patients
• Spring Starts With Temps Above 70
• Watch Latest Weather Forecast