The attack was reported to have hit shortly before 17:00 GMT and despite the claims that the site was back-up, Twitter.com still proved slow and unresponsive at 17:45 GMT.
In a blog posting, Twitter confirmed that it had been hit by the DDoS attack but that it had managed to recover its site despite the fact that the attack was still ongoing.
Here are the following scenarios that took place as logged by status.twitter.com:
Site is down (2 days ago)
We are determining the cause and will provide an update shortly.
Update: we are defending against a denial-of-service attack.
Ongoing denial-of-service attack (1 day ago)
We are defending against a denial-of-service attack, and will update status again shortly.
Update: the site is back up, but we are continuing to defend against and recover from this attack.
Update (9:46a): As we recover, users will experience some longer load times and slowness. This includes timeouts to API clients. We’re working to get back to 100% as quickly as we can.
Update (4:14p): Site latency has continued to improve, however some web requests continue to fail. This means that some people may be unable to post or follow from the website.
President Mahmoud Ahmadinejad was sworn in shortly before an online tool used by his opponents suffered a DDoS attack. Users have also reported issues with Facebook as it joined in the DDoS Thursday Club.
Commenting on the attack, Graham Cluley, senior technology consultant at security software specialist Sophos explained how a DDoS attack works. "A denial of service attack occurs when computers bombard a website with requests for information. Typically hackers can control thousands of innocent users' computers centrally and command them to visit a site that they wish to flood with traffic - making it impossible for other internet users to get through," he said. "It's a bit like 15 fat men trying to get through a revolving door at the same time - nothing can move."
Cluley also questioned why someone would want to take down Twitter. "The question on my mind is - why would someone want to attack Twitter? I can't imagine it's a commercial competitor of theirs, but it could be someone with a political or financial motivation, or a teenager in a back bedroom with access to an awfully large botnet."
Although Twitter has not commented on the potential source of the attack, the micro-blogging site was an important tool for anti-government protesters in the recently contested Iranian elections.
The company's chief executive Evan Williams recently told the BBC that the company had been proud of its part in giving opponents of Mahmoud Ahmadinejad a voice and the decision to delay maintenance work during a critical period for the election. "We did it because it was the best thing to do to support the information flow there at an important time - and that is what we are about," he told the BBC.
In what may or may not prove to be purely coincidence Ahmadinejad was sworn in on Wednesday for a second term as Iran's president. However, Facebook had also been reported to had been experiencing problems which could point to a potential wider attack or simply another coincidence.
While just about recently, NTT America, Twitter's Internet service provider, confirmed that the DDoS attack against Twitter has continued, with huge waves of malicious requests crashing up against Twitter's now-activated defenses. The countermeasures seem to be working as on Friday evening, pages loaded on Twitter without an obvious lag.
It was reported that an e-mail from Michael Wheeler, vice president of NTT America's Global IP Network, included the following update:
We can confirm that the attack has been ongoing and has varied in intensity. On Friday morning, there was an increase in the intensity and the variables of the attack. At various times during the attack, we have seen the levels of traffic rise between 15 and 20 times the normal traffic volume we have historically seen for Twitter.
Wheeler also expanded on Twitter's choice of security level, explaining that different types of business may require different levels of defense against such attack:
Many Financial clients have regulatory requirements that require them to have certain levels of security, including DDoS related situations. In the case of Twitter, they are not required to maintain those same levels due to the nature of their business. Many clients use their own internal tools, external services, or a combination of services to address DDoS related attacks.
On the question of whether Twitter should have had a higher level of security protection, Wheeler said the following:
There is no way in hindsight to conclude what would or would not have minimized the impact of the attack due to the number of variables involved. Generally speaking, more security is better than less, but DDoS attacks vary in size and complexity so there is no way of knowing what may have lessened the impact after the fact.
Twitter has managed to somehow surfaced momentarily. These are the current reports on status.twitter.com:
Scheduled maintenance for Twitter help site (1 hour ago)
Twitter’s help pages will be briefly unavailable during our provider’s planned downtime for database maintenance. For two hours starting at 12:45a Pacific on Sunday, you’ll be unable to make changes to account settings or access help pages. Though web pages will be inaccessible, all email will be routed as usual.
However, it is not known if the DDoS would continue to hinder Twitter's services or not. There might be another large attack, we can just hope that Twitter's defenses can now withstand such attacks.