Twitter, Facebook Hit With DDoS Attack; The Horror, The Horror

A distributed denial-of-service attack on one (yes, one) person yesterday left news media in a quandary. With no Twitter, and no Facebook either, how was the news to be obtained?

Seriously, however, the outage was the result of attacks across several services aimed directly at a blogger named Cyxymu from the Eastern European country of Georgia. Max Kelly, chief security officer at Facebook, told C|Net:

"It was a simultaneous attack across a number of properties targeting him to keep his (Cyxymu) voice from being heard. We're actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can."

Twitter was down for several hours starting early Thursday morning. It also suffered periodic slowness and time-outs throughout much of the day.

Other services that faced the same DDoS attack were Facebook, LiveJournal, Google Sites, and YouTube.

Of course, the obvious theory is that the attack is due to the still-existent Russia-Georgia enmity. That was posited by Bill Woodcock, research director of the Packet Clearing House, a nonprofit technical organization that tracks Internet traffic:

He said he found evidence that the attacks had originated from the Abkhazia region, a territory on the Black Sea disputed between Russia and Georgia.

Interestingly, he indicated that he found no evidence a botnet, which is frequently used in this sort of attack, was exploited in this case. He noted, instead, that at about 10:30 AM EDT, millions of people worldwide received spam e-mail messages containing links to Twitter and other sites, and that's what caused the outage.



Humorously, as indicated above, there was no way for people to Tweet about the Twitter outage, and that, as satirist Bad Reporter notes, has prompted Twitter to consider a backup system so people can Tweet about not being able to Tweet.

How many of you readers were traumatized by the Twitter outage?

News:
the outage was the result of attacks across several services aimed directly at a blogger named Cyxymu from the Eastern European country of Georgia.

Makes me wonder what blogger Cyxymu had to say that made him the target.


The following article, ripped from the LA Times, explains the reasoning for the cyber-attack on blogger Cyxymu. It sure is great to live in the USA!

INTERNET

Twitter Fell In Attack On Anti-Russia Blogger, Experts Say

 

Hackers also hit Facebook and other pages related to Cyxymu, a blogger in the nation of Georgia who lashes out online against Russia, which has waged battles with Georgia over disputed territory.

By David Colker
August 8, 2009

The cyber attack that brought down Twitter for several hours Thursday was aimed at a single blogger in the country of Georgia, according to Facebook, which was also targeted in the attack.

Cyxymu, as the blogger is known online, uses his blog and accounts on several social media networks to lash out against Russia, which has waged battles with Georgia over disputed territory.

"Yesterday's attack appears to be directed at an individual who has a presence on a number of sites," Facebook said in a statement.

Analysts at the Sophos online security firm who have studied the cyber assault said the attackers -- identities unknown -- wanted to shut down Cyxymu's accounts. But they probably didn't aim to knock out all of Twitter, a popular micro-blog site on which users post short messages.

"It was collateral damage," Sophos analyst Beth Jones said.

Thursday's Twitter outage left celebrities, businesses and even Iranian protesters unable to send out notes to subscribers. The down time led to speculation as to the perpetrators; theories ranged from bored teenagers to sophisticated operations involving "botnets" -- armies of personal computers that are taken over by hackers, unbeknown to their owners.

Although the Twitter website was functioning Friday, the attack was ongoing, said Michael Wheeler, vice president of NTT America, which provides Internet services to the site.

Regulations require some companies, such as many financial services, to have very high levels of online security, Wheeler said. Those requirements don't apply to Twitter. 

Higher levels of protection might not have prevented the shutdown anyway, according to Wheeler. He said attacks "vary in size and complexity, so there is no way of knowing what may have lessened the impact after the fact."

But Graham Cluley of Sophos noted in his blog that Twitter collapsed while other targeted sites stayed relatively stable -- not a good sign.

"This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble," he said, "forcing us to ask serious questions about the site's fragility."

Twitter did not respond to requests for an interview.

The blogger, in an interview with the Moscow Times -- in which he gave only his first name, Giorgy, and identified himself as a 34-year-old economics professor -- said the online attack occurred soon after he posted a message about last year's short, bloody war between Russia and Georgia.

"I had just published a timeline of events for the war," he said. "I think that this did not go down well with some people in Russia."

The cyber attack began about 5 a.m. PDT Thursday, according to Sophos, with a spam tactic called a Joe job. "That's when you are trying to smear someone online by hijacking their e-mail address and sending out millions of spam e-mails, pretending to be them," Jones said.

The tactic aims to discredit the victim by making him or her seem to be a spammer.

The e-mail said, "I beg pardon for a spam getting in your mailboxes," Jones said. 

The e-mail also called on recipients to click on Cyxymu's pages on Twitter, Facebook and other services. This might have been an attempt to overload Cyxymu's accounts with messages from angry spam recipients, Jones said. 

About an hour after the first phase of the attack, the hackers made a far more devastating move. 

A vast network of computers that had been infected with an Internet worm -- botnets -- was called upon to bombard Cyxymu's sites with millions of digital requests.

This so-called denial-of-service attack shut down Twitter and crippled other sites.

Cyxymu said he was shocked that an attack on him could have worldwide implications. "I could not imagine such consequences," he told the Moscow Times.

david.colker@latimes.com

Times staff writer David Sarno contributed to this report




 
