Aug 7, 2009 02:00 PM
The same week that the Obama Administration lost its acting cyber security czar, cyber attacks torpedoed several of the Web's most popular social-networking sites, in particular Twitter and Facebook. Although the denial-of-service attacks (which overwhelm Web servers with phony requests) were the latest reminder of the difficulties of defending the Web against cyber threats, it appears that these crashed sites were collateral damage in the ongoing conflict between Russia and Georgia. Or were they?
The attacks may have originated from the Abkhazia region, a territory on the Black Sea disputed between Russia and Georgia, Bill Woodcock, research director of the Packet Clearing House, a nonprofit technical organization that tracks Internet traffic, told The New York Times Thursday. Twitter, thought to have taken the brunt of the attack, acknowledged yesterday that its site had gone down and that, even after it went back online, staffers needed to continuously defend against additional attacks.
Along with Twitter yesterday, Facebook, LiveJournal, Google's Blogger and possibly YouTube were thought to have been caught in the crossfire of a high-tech smear campaign against a Georgian blogger who goes by the account name "Cyxymu." (The blogger has accounts with all of the Web sites attacked.) Several news sites and blogs are reporting that the attacks coincided with a large number of spam e-mails claiming to come from Cyxymu's Gmail address and encouraging the recipients to click on links embedded in the messages. The links would take users to Cyxymu's Twitter account or Facebook page, etc. One message, according to security software and services vendor Sophos Plc, read, "Hello. My blog here now! http://www.youtube.com/ Cyxymu."
It's unlikely, however, that a spam campaign could have generated enough traffic to these sites to take them down. As Sophos security researcher Graham Cluley noted in one of his blog posts about the event, "Most people wouldn't have bothered clicking on the link." He added, "My guess is that these e-mails aren't really calling from Cyxymu (who, according to his YouTube profile is 34 years old, and tells reporters that his real name is Georgy), but are an attempt by troublemakers to bring his name (and various Web pages) into disrepute."
Cyxymu, himself, apparently confirmed to CNN in an e-mail that he is 34 years old and based in Tbilisi, Georgia, and that his blog posts criticizing Russia for preparing military operations against Georgia may have "irritated" someone enough to incite a cyber attack.
But not everyone is buying all of the conspiracy theories. "There is no real data to prove who is behind it, and if there would be any clue about the origins of this attack, it would be in the access logs on the victim servers—Twitter, Facebook, LiveJournal and others in this case," Stefan Tanase, a senior regional researcher with security provider Kaspersky Lab's Global Research and Analysis Team, blogged today on the company's ThreatPost blog.
Further, Tanase writes, "It's worth noting that 'Cyxymu' didn't even have 100 followers on Twitter when the attacks started—so I am wondering how big his influence really was to even consider him as the root cause of the DDoS attacks."
3 Comments
There is a more logical suspect-- Iran. Twitter and FB were used to circumvent their efforts to prevent any information getting out to the world about the recent protests. This may be a test of their ability to prevent that from foiling them again. Or it may be from another country obsessed by controlling information flow and testing their ability to thwart Twitter and FB's service in the future.
Now wait a minute. Obviously it was a conspiracy of some sort right? I mean, we aren't talking about spontaneous and natural DDOS attacks right? So some group of people got together and did this. QED, a conspiracy.
Why do people seem to have such a resistance to believing in conspiracies? It is well known that the government has done such things in the past (Tuskegee Institute, Project Northwoods, etc) not to mention the fact that the government itself prosecutes thousands of people every year for some conspiracy or other.
Face it folks, conspiracies DO exist. The real question is, why are we all primed to snicker whenever someone brings up the subject?
Ken
www.kenStech.com
People really have nothing more going on in their lives than obsessing about a DoS attack on a couple light entertainment websites? Sweet jebus, any sufficiently bored 13 year olds could have done this given the challenge and enough mt dew. If your life is that thrown off track because twitter was freakin down for a few hours, you need to get off your chair and go for a walk in the friggin sunshine. You remember, in that big non-digital space called reality. Buncha oblivious nitwits with nothing else to occupy their empty little lives.