Network News

X My Profile
View More Activity

Russia-Georgia Conflict Blamed for Twitter, Facebook Outages

The theories behind who and what attacked Twitter and Facebook yesterday -- causing intermittent outages at each -- are flying like so many tweets across the Internet. The prevailing theory suggests that the outage was due to a cyber skirmish stemming from simmering tensions between Russia and Georgia.

CNet and CNN place blame for the incident on an elaborate, politically motivated vendetta timed to coincide with the one year anniversary of the Russia-Georgia war, a brief but costly skirmish in August 2008 accompanied by cyber attacks on Georgian government Web sites. In short: the outage at Twitter (and to a lesser extent Facebook & LiveJournal) was due to an effort to silence an anti-Russian blogger from Tbilisi who has been calling attention to a recent resurgence of tensions in the region.

CNet cites Facebook's Chief Security Officer Max Kelly saying that a political blogger using the online name "Cyxymu" - who had accounts on Twitter, Facebook, LiveJournal and Google's Blogger and YouTube -- was the target of a denial of service attack, and that the attack against him was what caused the outages.

Some news outlets, such as The Register, say the surge in Internet traffic that crushed Twitter was the result of a "Joe Job." This is a type of reputation attack in which a large volume of spam is sent out designed to look like it came from someone else, with the intention of incurring anger against that person by the recipients of the spam, or causing the apparent sender's account to be suspended for allegedly sending spam.

Bill Woodcock, research director of Packet Clearing House, a San Francisco based non-profit organization, said that on Thursday morning a large volume of spam went out that included links to this Cyxymu blogger's sites at Twitter, LiveJournal and Facebook. Woodcock said the resulting traffic to those sites caused by recipients of the spam clicking the included links "was enough extra data that Twitter's site got swamped."

Graham Cluley, senior technology consultant for computer security firm Sophos, confirmed that his company is indeed still seeing samples of the spam Woodcock described. But Cluley said he's not convinced that the Joe Job spam is solely responsible for the Twitter outage.

"I don't think that's likely. Most people wouldn't have bothered clicking on the link," Cluley wrote on his blog. "However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn't responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet."

Still, there is little data to support claims of a traditional denial-of-service attack, aside from the obvious outage itself. Craig Labovitz, chief scientist at Arbor Networks, a company that monitors and helps companies respond to online attacks, said a preliminary look at Web traffic to Internet address blocks owned by Twitter indicates no unusual traffic spikes on Thursday.

"There is some speculation that this is a more sophisticated, targeted attack, rather than a typical brute-force type attack," Labovitz said. "Someone or something may be trying to make use of certain services to available starve resources on those applications." The graphic below, which shows Arbor's view of the traffic to Twitter's Internet space, starts Wed, Aug. 5 at 1 p.m.. The lowest points on that graph -- toward the middle at around 5 a.m. to 9 a.m. -- correspond to the times Twitter says it was under the heaviest attacks.


Such an attack might manifest itself in an assault on a target's domain name servers, which that help route incoming and outgoing Web traffic for Twitter.

Interestingly, Twitter's DNS provider -- -- reported Thursday that its Newark data center experienced a very high traffic spike (hat tip to ThreatChaos).

Still other conspiracy theorists have linked this week's outages with the cyber attacks against South Korean and U.S. government Web sites, although there doesn't appear to be any evidence to support this idea.

By Brian Krebs  |  August 6, 2009; 11:09 AM ET
 | Tags: twitter dos  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Hackers Target Sites
Next: Microsoft Fixes 19 Windows Security Flaws


Putting on my tinfoil hat...

Considering how effective Western tweets were used to whip up things in Iran in opposition to their government, could this be some kind of preliminary testing by the PTB (Powers that Be) to try and de-tweet and defacebook the masses in an effort to quell the rising backlash occurring in our own country, as is evident in these recent town hall meetings?

Posted by: xAdmin | August 7, 2009 3:14 PM | Report abuse

I'll bet they had their shirts off at the time of the DDOS!

Posted by: toddkmeadows | August 7, 2009 5:28 PM | Report abuse

What to do its unfortunate incident happenned for twitter which is the fast growing community.

Posted by: freeebookmania | August 8, 2009 3:07 AM | Report abuse

@ xAdmin: If the tinfoil hat fits, wear it. It does. You look marvelous!

Posted by: peterpallesen | August 10, 2009 12:42 PM | Report abuse


LOL, right on, but........didn't you mean "Mahhhhhhhhhhhvelous!"

Posted by: featheredge99 | August 10, 2009 2:30 PM | Report abuse

@xAdmin: That's silly. American politicians deal with rising backlash by ignoring the public and doing what they want to do anyway, just like Bush did for eight years.

Besides, "You say 'backlash', I say 'racism-fueled right-wing loony paranoia' - let's call the whole thing off."

Posted by: jamshark70 | August 11, 2009 7:52 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company