Twitter Attack Was Another Political DDoS

The distributed denial-of-service attacks that hampered access to social networking and blogging sites all went after one pro-Georgia blogger, according to security company reports.

According to a post from F-Secure's Mikko Hypponen, the attacks focused on Cyxymu's accounts at Twitter, YouTube, Facebook and LiveJournal, and also included a "Joe Job" spam campaign that was designed to look as if the unwanted messages had been sent by Cyxymu. McAfee offers a similar analysis with a post that ties the spam campaign to the same botnet that launched the DDoS attack, and says that a cyxymu account at Fotki.com was also targeted.

Cyxymu's Facebook page (currently up) at http://facebook.com/cyxymu contains comments and links to Eastern European events and politics. The most recent comments link to news stories on the attacks and claim that Russian media has been silent on the topic.

So the answer to the question, "Why Attack Twitter?" appears to be politics. The explanation makes sense given previous politically motivated DDoS attacks against Estonian Web sites in 2007 that were later tied to Russian hackers, and more recent attacks against Georgian sites in 2008 during Georgia's conflict with Russia over South Ossetia.

F-Secure's Hypponen guesses that "nationalistic Russian hackers" are behind the attempt to discredit and silence Cyxymu. The beset blogger himself blames "hackers from Russian KGB," according to a Twitter screen shot in Hypponen's post. In any case, the attacks will likely backfire. Cyxymu will no doubt now attract far, far more attention from around the world than he would have if the DDoS attack had never happened.
