Russia-Georgia Conflict Blamed for Twitter, Facebook Outages
The theories behind who and what attacked Twitter and Facebook yesterday -- causing intermittent outages at each -- are flying like so many tweets across the Internet. The prevailing theory suggests that the outage was due to a cyber skirmish stemming from simmering tensions between Russia and Georgia.
CNet and CNN place blame for the incident on an elaborate, politically motivated vendetta timed to coincide with the one year anniversary of the Russia-Georgia war, a brief but costly skirmish in August 2008 accompanied by cyber attacks on Georgian government Web sites. In short: the outage at Twitter (and to a lesser extent Facebook & LiveJournal) was due to an effort to silence an anti-Russian blogger from Tbilisi who has been calling attention to a recent resurgence of tensions in the region.
CNet cites Facebook's Chief Security Officer Max Kelly saying that a political blogger using the online name "Cyxymu" - who had accounts on Twitter, Facebook, LiveJournal and Google's Blogger and YouTube -- was the target of a denial of service attack, and that the attack against him was what caused the outages.
Some news outlets, such as The Register, say the surge in Internet traffic that crushed Twitter was the result of a "Joe Job." This is a type of reputation attack in which a large volume of spam is sent out designed to look like it came from someone else, with the intention of incurring anger against that person by the recipients of the spam, or causing the apparent sender's account to be suspended for allegedly sending spam.
Bill Woodcock, research director of Packet Clearing House, a San Francisco based non-profit organization, said that on Thursday morning a large volume of spam went out that included links to this Cyxymu blogger's sites at Twitter, LiveJournal and Facebook. Woodcock said the resulting traffic to those sites caused by recipients of the spam clicking the included links "was enough extra data that Twitter's site got swamped."
Graham Cluley, senior technology consultant for computer security firm Sophos, confirmed that his company is indeed still seeing samples of the spam Woodcock described. But Cluley said he's not convinced that the Joe Job spam is solely responsible for the Twitter outage.
"I don't think that's likely. Most people wouldn't have bothered clicking on the link," Cluley wrote on his blog. "However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn't responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet."
Still, there is little data to support claims of a traditional denial-of-service attack, aside from the obvious outage itself. Craig Labovitz, chief scientist at Arbor Networks, a company that monitors and helps companies respond to online attacks, said a preliminary look at Web traffic to Internet address blocks owned by Twitter indicates no unusual traffic spikes on Thursday.
"There is some speculation that this is a more sophisticated, targeted attack, rather than a typical brute-force type attack," Labovitz said. "Someone or something may be trying to make use of certain services to available starve resources on those applications." The graphic below, which shows Arbor's view of the traffic to Twitter's Internet space, starts Wed, Aug. 5 at 1 p.m.. The lowest points on that graph -- toward the middle at around 5 a.m. to 9 a.m. -- correspond to the times Twitter says it was under the heaviest attacks.
Such an attack might manifest itself in an assault on a target's domain name servers, which that help route incoming and outgoing Web traffic for Twitter.
Still other conspiracy theorists have linked this week's outages with the cyber attacks against South Korean and U.S. government Web sites, although there doesn't appear to be any evidence to support this idea.
Posted by: xAdmin | August 7, 2009 3:14 PM | Report abuse
Posted by: toddkmeadows | August 7, 2009 5:28 PM | Report abuse
Posted by: freeebookmania | August 8, 2009 3:07 AM | Report abuse
Posted by: peterpallesen | August 10, 2009 12:42 PM | Report abuse
Posted by: featheredge99 | August 10, 2009 2:30 PM | Report abuse
Posted by: jamshark70 | August 11, 2009 7:52 AM | Report abuse
The comments to this entry are closed.