
Twitter, DDoS and the Motivations Behind the Attack

Terry Zink

As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites such as Facebook, LiveJournal, YouTube and Blogger were also hit. They managed to repel the attack, although Facebook was not quite as successful as the other larger players.

The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger.

We are nearing the one-year anniversary of the 2008 Russian/Georgian war. There is a pro-Georgian blogger with the username "Cyxymu" who had accounts on all of these services. It is thought that these attacks were an attempt to silence his anti-Russian, pro-Georgian rhetoric: by DDoS'ing these services, the attackers hoped that Facebook, LiveJournal and the others would bow to the pressure of the cyberattacks and take his account offline.

One theory is that the attack came in the form of a huge spam blitz containing links to Cyxymu's pages at Blogger, Facebook, LiveJournal, and so forth. When people received the spam, they all started clicking on the links, driving tons of traffic to these sites and taking them offline. Under this theory, either Cyxymu succeeded in driving traffic to his pages and it backfired when users couldn't reach them, or someone spoofed Cyxymu, drove traffic to these pages, and succeeded in taking down the entire service. The latter sounds unlikely. Why would you drive traffic to someone's page if you want to discredit them? It's counterproductive. Secondly, you'd have to get the spam past the spam filters. And who would actually click on the link? Not enough people to take down Facebook or Twitter.

Other theories hold that while spam like this did occur, it is more likely that the people behind these attacks controlled botnets, and that it was the botnets flooding these sites with DoS traffic that took them offline. It was obviously a coordinated attack on the sites, as it all occurred around the same time; it was not the result of people clicking on links in their spam email. This theory makes a great deal more sense.
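The distinction the post draws, a flash crowd of readers clicking a link versus a botnet flood, is something a site operator can test against its own access logs. The following is an added example, not code from the original post or from any of the services named in it. It parses combined-format web server log lines and summarises the traffic shape: how many distinct sources there are, how many requests each source makes, whether requests carry a Referer (which link-clicking readers usually do and flood traffic usually does not), and how bursty they are. The log lines, IP ranges, paths and classification thresholds are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Regex for the Apache/Nginx "combined" log format. Every log line in this
# file is constructed for illustration, not captured from any real service.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def profile(lines):
    """Summarise the traffic shape: number of sources, requests per source,
    share of requests that arrived via a link (Referer set), and peak burst rate."""
    recs = [r for r in map(parse_line, lines) if r]
    if not recs:
        raise ValueError("no parseable log lines")
    per_ip = Counter(r["ip"] for r in recs)
    per_second = Counter(r["ts"] for r in recs)  # log timestamps have 1 s resolution
    span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
    return {
        "requests": len(recs),
        "sources": len(per_ip),
        "reqs_per_source": len(recs) / len(per_ip),
        "referer_share": sum(r["referer"] not in ("", "-") for r in recs) / len(recs),
        "peak_rps": max(per_second.values()),
        "span_seconds": span,
    }

def classify(p):
    """Heuristic thresholds (an assumption of this example, not figures from the post):
    a flash crowd is many sources each making a request or two, mostly following a link;
    a flood is sources hammering repeatedly with no Referer."""
    if p["reqs_per_source"] >= 10 and p["referer_share"] < 0.2:
        return "botnet_flood"
    if p["reqs_per_source"] <= 3 and p["referer_share"] >= 0.5:
        return "flash_crowd"
    return "ambiguous"

# --- constructed sample data (addresses from the RFC 5737 documentation ranges) ---
T0 = datetime(2009, 8, 7, 9, 0, 0, tzinfo=timezone.utc)  # arbitrary constructed start time
UA = "Mozilla/5.0 (constructed example)"

def _line(ip, ts, path, referer):
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512 "{referer}" "{UA}"'

def flash_crowd_sample():
    """40 distinct readers, one or two clicks each, arriving from a webmail link over half an hour."""
    lines = []
    for i in range(1, 41):
        ts = T0 + timedelta(seconds=45 * i)
        lines.append(_line(f"192.0.2.{i}", ts, "/cyxymu", "http://mail.example.net/inbox"))
        if i % 2 == 0:
            lines.append(_line(f"192.0.2.{i}", ts + timedelta(seconds=5),
                               "/cyxymu/comments", "http://example.org/cyxymu"))
    return lines

def botnet_flood_sample():
    """8 sources, 50 requests each, no Referer, all inside a five-second window."""
    lines = []
    for i in range(1, 9):
        for k in range(50):
            ts = T0 + timedelta(seconds=k // 10)  # ten requests per source per second
            lines.append(_line(f"198.51.100.{i}", ts, "/", "-"))
    return lines

if __name__ == "__main__":
    for name, sample in (("flash crowd", flash_crowd_sample()),
                         ("botnet flood", botnet_flood_sample())):
        p = profile(sample)
        print(f"{name}: {classify(p)} {p}")
```

The point of the summary is the shape, not the volume: a spam-driven flash crowd and a botnet flood can both produce a large request count, but the former spreads one or two link-referred requests over many sources while the latter concentrates many Referer-less requests on each source. Real botnets can be large enough that the per-source rate alone is inconclusive, which is why the example reports the Referer share and burst rate alongside it and returns "ambiguous" rather than forcing a verdict.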

Assuming that Cyxymu was not behind the spam run, the following questions come to mind:

1. Who was behind the spam run and cyberattack?
2. Why did they do it?

I have my own theory. Cyxymu was blogging, writing and posting YouTube videos about the Russian/Georgian war anniversary and was publicly criticizing Russia. Some people in Russia obviously took offense to this and started a spam campaign as misdirection. They attempted to make it look like Cyxymu was responsible for sending out a huge wave of advertising to drive traffic to his site; using spam as his medium would discredit Cyxymu, since only very unethical people use spam to market their opinions. In the meantime, the same people behind the spam campaign set up a DoS attack to take down all of these sites, on the theory that people would think Cyxymu's blitz had worked and that readers clicking on the links had taken the sites down. The hope was that Facebook, LiveJournal, Twitter, and so forth, would remove Cyxymu's account for violating their Terms of Use.

That's my current working theory.

What about who was behind the attack? Was it the Russian government? Did they engage in state-sponsored cyberwarfare? While possible, this attack follows a pattern similar to two episodes in recent memory. In 2007, the Estonian government came under cyberattack when it attempted to remove a Russian war memorial from one of its major cities. At the time, the Estonian government accused the Russian government of coordinating the attacks, but it turned out that an aide to a Russian politician in the Duma was responsible for it and acted "alone", that is, without explicit direction from Russia. Of course, he still had lots of help from friends in the botnet community.

In 2008, during the Russian/Georgian war, Georgia came under cyberattack and also accused Russia of coordinating it. However, as Israeli security expert Gadi Evron points out, the attack probably was not coordinated by the Russian government. Both this incident and the Estonian one appear to be coordinated cyber-riots: a group of hackers who are fiercely patriotic got angry at anti-Russian rhetoric, got together, and took down the government's web sites in an attempt to "make them pay."

I would tend to lump this attack into the same category. While we don't know for certain who is responsible or why they did it (not yet, anyhow), we do know that whoever was behind these attacks can wreak a lot of havoc with only a small amount of resources and is probably well connected to the black market of botnet operators.

By Terry Zink, Program Manager.

Related topics: Cyberattack, Cybercrime, Security, Spam
