It’s alright, Twitter users. We can all breathe again. The major microblogging site mysteriously went offline mid-day Thursday, and Silicon Valley reps now say that a bug was the culprit behind the crash. Some hackers, however, say otherwise.
On the record, Twitter says that the major malfunction that crippled the social media site on Thursday can be blamed on a “cascading bug,” a glitch that Vice President of Engineering Mazen Rawashdeh explains as being able to quickly spread throughout several elements that make the site run, causing the entire network to crash. In a blog post published late Friday, Rawashdeh writes that neither an overload of traffic nor an attack from hackers hindered the site, and that the company is “currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future.”
According to some Twitter users, though, the company is just trying to cover up for a cleverly orchestrated distributed denial of service (DDoS) attack, a maneuver that overloads servers with constantly accumulating traffic until the computers can no longer handle the demand. The Underground Nazi Hacktivist Group, or UGNazi, is crediting themselves with taking Twitter offline.
“We just #TangoDown'd twitter.com for 40 minutes worldwide!” reads a tweet from the hacktivist group sent out on Tuesday during the midst of the massive crash, which in some areas lasted for over an hour. An administrator of the @UG account followed up the claim on Friday, writing, “When a company has the chance of deniability, they will take the chance to do so.”
In an email sent to Computerworld and other websites, a representative claiming to be a member of the UGNazi hacking group once more assumed responsibility, claiming that the collective was indeed involved in the crash and was able to cause it by way of a DDoS assault. In an excerpt from a separate email published by Computerworld, an UGNazi member says that the attack was made on the site due to Twitter’s support of the controversial Cyber Intelligence Sharing and Protection Act, or CISPA.
"Twitter supports the CISPA bill and we wanted to show what we really are capable of," reads the message.
According to InformationWeek.com — who also received the email — the message continues, “Twitter moved to multiple servers today to try and migrate [sic] the attack . . . It was not a bug."
On UGNazi.com, the group claims to have targeted Comcast, NASDAQ, BP and Google in the past.
Responding to the latest claim, Garnet security analyst Lawrence Pingree tells Computerworld, "If a company is being taken down by a third party, I don't really see them blaming themselves.”
“Are [hacking groups] capable? Yeah. Denial of service isn't something you can completely stop [but] it's hard to say if there was an attack,” he adds.
In the past, DDoS attacks credited to hacktivists aligned with the Anonymous collective have crippled the website for the Central Intelligence Agency, the US Department of Justice, Universal Music Group, the US Copyright Office, Warner Music, BMI, and the Recording Industry Association of America (RIAA). Jay Leiderman, a California-based attorney that has represented alleged Anonymous activist Commander X, has equated DDoS attacks as being on par with a “digital sit-in.”
"Ultimately, the only organization that knows the truth is Twitter, and there is no reason to believe the statements they have made are not true," Chet Wisniewski, senior security adviser at Sophos, adds to ComputerWorld. "It is difficult to determine the exact nature of the outage from the outside, but my personal experiences during the outage are more consistent with Twitter's explanation."