The meltdown that left 45 million Twitter users unable to access the service on Thursday came in two waves and was directed at a single blogger who has voiced his support for the Republic of Georgia in that country’s continuing conflict with Russia.
Facebook’s chief security officer, Max Kelly, told CNet that the attack was aimed at a user known as Cyxymu, who had accounts on Facebook, Twitter, LiveJournal and other sites affected by Thursday’s cyberassault.
The attacks were “the equivalent of bombing a TV station because you don’t like one of the newscasters,” Mikko Hyppönen, chief research officer of the Internet security firm F-Secure, said in a blog post. “The amount of collateral damage is huge. Millions of users of Twitter, LiveJournal and Facebook have been experiencing problems because of this attack.”
In an interview with The Guardian, the blogger said he believed the strike was an attempt to silence his criticism on the behavior of Russia in the conflict over the South Ossetia region in Georgia, which began a year ago on Friday.
How did a targeted attack against a single user manage to cripple Twitter for almost an entire day?
The assault was two-pronged, said Beth Jones, a security analyst with Internet security firm Sophos.
Early Thursday, the attackers sent out a wave of spam in the name of Cyxymu. The technique, known as a “joe job,” is intended to discredit a Web user by making him appear as though he is the source of a large amount of junk e-mails.
“They’re literally designed to smear someone’s online reputation,” said Ms. Jones. “These hackers wanted to make him look responsible for millions of spam e-mails that went out yesterday morning.”
The messages contained links to Cyxymu’s accounts on several social networks and Web sites, including LiveJournal, Twitter and Facebook.
The next leg of the attack, Ms. Jones said, was a distributed denial of service (DDOS) attack designed to knock Cyxymu off the Web.
The hackers used a botnet, a network of thousands of malware-infected personal computers, to direct massive amounts of junk traffic to Cyxymu’s pages on Twitter, LiveJournal, YouTube and Facebook in an attempt to disable them, Ms. Jones said. The impact on everyone else was “collateral damage.”
Twitter was overwhelmed by the attack and its site was paralyzed for hours. Facebook, certain Google Web sites and LiveJournal had better defenses, but still faced temporary problems.
It’s possible that Cyxymu was targeted because the user was so active online, Ms. Jones said. “They knew where to find him,” she said. “Some of the others might not have been so overt.”
The attacks coincided with the one-year anniversary of the Russia-Georgian conflict. “When the conflict started a year ago, there were various denial-of-service attacks coming from both sides, attacking Web sites.”
The attacks that felled Twitter shed light on the fragility of the popular microblogging service, especially compared to its competitor Facebook, which quickly recovered from the pummeling, said Stefan Tanase, a researcher at Kaspersky Lab, an Internet security firm. Twitter, a small San Francisco company, has been struggling to improve its security even as it tries to manage hypergrowth in the number of users and messages it handles.
Source: NYTimes
Posts
0 Comments