With the mini-blogging site down from 9 a.m. Eastern time until noon, its millions of members were unable to tweet by Web and by mobile phone. A tweet test brought an error message that the "network request failed."

Twitter engineers weren't saying much, but offered this explanation on the company's official blog: "We are defending against a denial-of-service attack, and will update status again shortly." By noon Eastern time, another update said the site was back up but still fighting the attack.

A Botnet Attack

Denial-of-service attacks typically involve hundreds, if not thousands, of PCs pinging a target.

"Lots of PCs out there have already been compromised with bot clients because they have downloaded or clicked on something, and they have it on their PC and don't even know it," said John Pescatore, a vice president with Gartner's Internet Security team.

Most experts are confirming the incident was a heavy DDoS attack. "From both ongoing and current observations, we have seen a lot of consistent traffic with added route withdrawals and re-announcements emanating from (Sweden and Europe)," said Jart Armin, a security expert with HostExploit. "This, in turn, is affecting Twitter's server via Global Crossing."

There were no reports of Twitter users being affected, other than not being able to access their accounts. "For a typical Twitter user today, it is not a big deal," Pescatore said.

A Business Loss

Businesses, however, felt a pinch because some use Twitter to promote their products. Computer maker Dell has made more than $3 million in sales from one of its Twitter accounts.

"Today's Twitter downtime shows just how far Twitter has come in the last year," said Michael Gartenberg, a vice president with Interpret. "While early users were accustomed to outages and the infamous 'fail whale' logo, the increased adoption and usage of Twitter has affected more users than ever before who view the service as not just 'nice to have,' but rather an essential 'need to have' service."

Many business Web sites such as Google.com, GoDaddy.com, Microsoft.com and Amazon.com have been hit by DoS attacks, according to Pescatore. The difference, however, is that business Web sites have built-in protection.

"Twitter has not built in a lot of protection," Pescatore said. "You see this a lot with consumer-based sites. They are popular targets because they are so visible and because these consumer-grade sites don't have security and are easy pickings."

Need For Protection

It is in Twitter's best interest to purchase the necessary equipment to fend off such an attack, Pescatore said.

"The Twitters of the world are certainly trying to build up enterprise services, and if they are going to do that, they have to build in reliable protection," he said. "There are only 24 hours in a day, and one hour of outage is a four percent loss of advertising revenue."