Twitter DDoS Attack Politically Motivated, Says Report

The distributed denial of service attack on Thursday that targeted Twitter, Facebook, LiveJournal, and several Google sites may have been politically motivated. The reported target of these attacks was a blogger named Cyxymu from the Eastern European country of Georgia who is an outspoken supporter of his country. Facebook’s chief security officer, Max Kelly has said the attack was coordinated to “keep his [Cyxymu’s] voice from being heard,” according to Cnet.

If Kelly is right, then the cyber attack may have been coordinated by Russian hackers or those with Russian sympathies. Tensions have been heightened between Russia and Georgia since last year’s brief war between the two countries over the contested region of South Ossetia. There is no clear evidence as to who perpetrated yesterday’s cyber attack, but Cyxymu earlier today suggested the attack was perpetrated by the KGB — the now-defunct security agency for the former Soviet Union.

Although yesterday’s DoS attack targeted a wide range of social network and blogging sites, it was only Twitter that suffered a significant outage. Facebook and LiveJournal suffered slowdowns as a result of the attack, while Google users were not significantly impacted. Kelly reportedly told Cnet that it was able to maintain access to Cxymu’s profile for users in the Georgian region, but the Facebook profile was inaccessible in other parts of the world. At the time of this writing on Friday morning, Cyxymu’s Twitter page was available, but the blogger’s Facebook profile and LiveJournal blog were inaccessible.

While Cnet was able to get a statement from Kelly, Facebook has not yet released an official statement about the target of the attack; however, the social network has linked to the Cnet story from the company’s own profile. Google, LiveJournal and Twitter have yet to discuss the target or possible sources of the attack.

Denial of service attacks are able to bring down a Web site by overwhelming the site’s servers with a large number of page view requests. The number of requests coming all at once makes it impossible for the servers to handle the traffic load eventually making the site inaccessible to users. DoS attacks are typically carried out by a botnet — a large network of compromised computers that can be controlled from one source.

The Dos attack wasn’t the only attack reportedly targeted at Cyxymu. An e-mail spam attack was also recently carried out where messages made to look like they came from Cyxymu were sent to a large number of recipients. The e-mail messages contained links to Cyxymu’s sites. At this time it’s unclear if the attacks were coordinated by the same hacker or hackers as the DoS attack. But it’s unlikely the e-mail spoof was the source of the DoS attack, because it would have been very difficult to trigger through e-mail spam the large number of page view requests required for several coordinated DoS attacks.