The cyberattack that shuttered Twitter and other social media sites Thursday appeared to have been aimed at a Georgian blogger who has been critical of Russia’s role in the conflict over South Ossetia, according to Facebook officials.
Cyxymu (the blogger's pseudoynm) had accounts across the social media landscape – most notably Twitter, LiveJournal, and Facebook. All those websites were hit by a massive Distributed Denial-of-Service (DDoS) strike that flooded their servers with bogus connection requests.
“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Max Kelly, chief security officer at Facebook, told CNET News on Friday. Neither Twitter nor Facebook has speculated on who was behind the attack.
“Maybe it was carried out by ordinary hackers, but I’m certain the order came from the Russian government,” said the blogger. His handle is the Latin version of Sukhumi, which is the capital of the disputed region of Abkhazia.
He added: “An attack on such a scale that affected three worldwide services with numerous servers could only be organized by someone with huge resources.”
Twitter's political role
As the microblogging site Twitter continues to grow – with now more than 44 million users worldwide – it is becoming a valuable tool for free speech. This, say security experts, is turning Twitter into a target for politically-motivated hackers, and perhaps even governments who want to squash criticism or prevent protesters from organizing themselves through social media.
Twitter’s usefulness became apparent after the disputed Iranian elections in June. Both Iranian and international twitterati rallied support for Iranian protesters facing a government crackdown, and also helped get information out to the world when journalists' were restricted.
Pro-Russian hackers have been known to use cyberattacks against Georgian critics. In the war between Russian and Georgia last year, hackers went after numerous Georgian websites.
At that time, Internet security analysts didn’t find any direct connection between the hackers and the Kremlin. But “the historical records show clear support by members of the Russian government and implied consent in its refusal to intervene or stop the hacker attacks,” according to a report by Project Grey Goose, a team of security experts who investigated last year’s hacker strikes.
Not just a denial-of-service attack
What exactly led to Twitter’s shutdown Thursday is still being debated in security circles and across the Web. Originally, it was thought to be due solely to a DDoS strike, but now many experts say something else may have contributed to the collapse.
On his Security Fix blog for The Washington Post, Brian Krebs lists various theories, including some that link “this week’s outages with the cyberattacks against South Korean and US government Web sites, although there doesn’t appear to be any evidence to support this idea.”
Twitter was still dealing with the disruption Friday. “Due to defensive measures we’ve taken against the ongoing denial-of-service attack, some Twitter clients are unable to communicate with our [Application Programming Interface], and many users are unable to tweet via SMS,” the company said on its status page.
Follow us on Twitter.