Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/21/2012
06:29 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Twitter Crash: Hack Or Hardware Fail?

Twitter blames a cascading bug, but hacking group UGNazi claims responsibility.

Twitter was unavailable for about two hours Thursday due to a bug or to a denial of service attack.

Twitter claims the problem was equipment-related. "Today's outage is due to a cascaded bug in one of our infrastructure components," a company spokesman said in an email, denying the involvement of hackers.

The hacking group UGNazi, however, claimed via Twitter to have been responsible for taking down Twitter.

In a separate email sent to InformationWeek, a person claiming to be Cosmo, one of the individuals associated with UGNazi, reiterated that claim. "Hello, I am Cosmo from UGNazi and I would like to inform you we just took twitter.com down with a DDoS Attack. It has been down for 20 minutes now," the email said.

[ Read Social Game Maker Stops HTML5 Project. ]

The person claiming to be Cosmo disputed Twitter's denial in a follow-up email. "Twitter moved to multiple servers today to try and migrate [sic] the attack," the sender said. "It was not a bug."

Thursday afternoon, Twitter posted more information about the outage.

"At approximately 9:00am PDT, we discovered that Twitter was inaccessible for all Web users, and mobile clients were not showing new Tweets," Mazen Rawashdeh, Twitter's VP of engineering, said in a blog post. "We immediately began to investigate the issue and found that there was a cascading bug in one of our infrastructure components. This wasn't due to a hack or our new office or Euro 2012 or GIF avatars, as some have speculated today."

Yet asked directly whether UGNazi's claims were inaccurate, a Twitter spokeswoman replied, "We don't have a comment on that."

So could those speaking for UGNazi be telling the truth? Possibly. A DDoS attack, after all, isn't technically a hack. No vulnerabilities or exploits affecting Twitter's systems are involved in sending a flood of data to overwhelm Twitter's servers. Pressed for further clarification, Twitter did not immediately respond.

Cosmo, identified as "Hannah Sweet" on the UGNazi website, was arrested by the FBI in May. The FBI did not immediately respond to a query submitted to its national press office about whether Cosmo could have been involved in the supposed attack on Twitter.

The person claiming to be Cosmo confirmed being arrested by the FBI but, in an email, declined to discuss the matter.

Cosmo's arrest was reportedly related to UGNazi's alleged involvement in the breach of billing company WHMCS in May. UGNazi also claimed responsibility for hacking a Web service called CloudFlare earlier this month in order to conduct an attack on 4Chan.

Though Twitter was accessible Thursday evening, the company's status blog indicated ongoing issues five hours after the initial problem was reported. Twitter has reported far fewer site reliability issues in 2012 than in previous years.

According to Rawashdeh, Twitter has enjoyed its highest reliability to date over the past six months.

Black Hat USA Las Vegas, the premiere conference on information security, features four days of deep technical training followed by two days of presentations from speakers discussing their latest research around a broad range of security topics. At Caesars Palace in Las Vegas, July 21-26. Register today.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
PJS880
50%
50%
PJS880,
User Rank: Ninja
6/22/2012 | 2:15:38 PM
re: Twitter Crash: Hack Or Hardware Fail?
To have Twitter go down for any amount of time is crucial for the real time social media site to function as intended. For Twitter to accept and acknowledge that a DDos attack was the reason, could have permanent scaring on the companyGs reputation. I find it funny that they did not comment on CosmoGs claim that he tweeted he was responsible! You have to admit that it is pretty cocky to admit you are the one responsible for TwitterGs system being down on their website! I think that after the breach with LinkedIn recently, has made Twitter is worried about how their security measures would be under close scrutiny. The truth will come out in the end, and the reason will surface soon enough.

Paul Sprague
InformationWeek Contributor
Ks2 Problema
50%
50%
Ks2 Problema,
User Rank: Apprentice
6/22/2012 | 2:53:17 PM
re: Twitter Crash: Hack Or Hardware Fail?
My gosh, I'm surprised the media didn't just go dark for two hours.

Seems like the ONLY people -- and I'm a web developer among a very fashion-forward, tech-oriented set -- I know who use Twitter -- are the chattering class, who are apparently under the profound delusion that the rest of the world hang on their every 140 character utterance.

It's amusing, but really rather pathetic.
ruggedman
50%
50%
ruggedman,
User Rank: Apprentice
6/22/2012 | 3:24:12 PM
re: Twitter Crash: Hack Or Hardware Fail?
"Hardware Fail"? Sounds like a journalistic FAILURE to me Thomas Claburn. Seriously people...
shuuna
50%
50%
shuuna,
User Rank: Apprentice
6/22/2012 | 4:30:35 PM
re: Twitter Crash: Hack Or Hardware Fail?
If DDoS is GǣhackingGǣ that makes the kid in my building blocking my door with his bicycle guilty of breaking and entering.
Bprince
50%
50%
Bprince,
User Rank: Ninja
6/23/2012 | 12:03:03 PM
re: Twitter Crash: Hack Or Hardware Fail?
I am reluctant to believe in a massive conspiracy to cover up a DDoS attack by blaming it on a bug in their infrastructure. For one, Twitter has been hit with DDoS before, like a lot of sites, and I would argue that a bug causing downtime from a PR standpoint is probably worse. What I fail to understand is why they didn't respond to a direct question on it from the reporter, because by not doing so they are raising more questions. Mitigating DDoS is important for sites like Twitter, but I think the average person has come to understand that from time to time things like this can happen, so I doubt admitting it would have caused any serious damage to their rep.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11083
PUBLISHED: 2020-07-14
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of...
CVE-2020-5246
PUBLISHED: 2020-07-14
Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with L...
CVE-2019-12773
PUBLISHED: 2020-07-14
An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product ...
CVE-2019-12783
PUBLISHED: 2020-07-14
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the targe...
CVE-2019-12784
PUBLISHED: 2020-07-14
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess an...