Twitter attack was part of ‘massively coordinated’ campaign

With Twitter back in action with degraded service – after yesterday’s distributed denial of service (DDoS) attack – speculation is rife about what caused the incident.

The DDoS assault had a mild impact on other social networking sites as well, including Facebook, LiveJournal and Google’s Blogger.

In its latest blog update, Twitter says it’s been “working closely with other companies” affected by what appears to be a “single, massively coordinated attack.”

As to the motivation behind this event, Twitter says it “prefers not to speculate.”

Some security experts, however, say the assault was likely intended to target a single person – an anti-Russian blogger with the online name of Cyxymu, the name of a town in the Republic of Georgia.

“Cyxymu” had his accounts on Twitter, Facebook, LiveJournal, Google Blogger and YouTube targeted in the coordinated denial of service attack, notes Graham Cluley, senior technology consultant at security products vendor Sophos plc, in his blog.

While Cyxymu’s LiveJournal pages are currently not accessible, they can be read through a Google cache.

Screen grab of Cyxymu’s LiveJournal page

On the page, the blogger claims he was the victim of a “Joe Job” attack.

Typically, in such an attack, the perpetrators spoof another person’s e-mail address and find an open-relay server to send out spam under that address. The thousands or millions of e-mails sent out therefore appear to come from someone other than the perpetrator.

In this case, Cluley says, Cyxymu was likely set up as a scapegoat by a spammer seeking to have his anti-Russian Web pages removed.

Indeed, on his LiveJournal page, Cyxymu claims he has been inundated with “out-of-office” replies – as a result of the spam purporting to come from his e-mail address.
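The flood of “out-of-office” replies described above is what a Joe Job looks like from the spoofed address owner's mailbox, and it can be measured. The following is an added example, not part of the original article: it flags automated replies and bounces that answer messages the mailbox never sent. The sample messages, addresses and the SENT_IDS set are constructed for illustration.

```python
import email
import re

# Constructed sample data: Message-IDs this mailbox really sent
# (in practice taken from the outbound mail server's log).
SENT_IDS = {"<real-1@example.org>"}
MSGID = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def is_automated(msg):
    """True for auto-replies (RFC 3834) and bounces (RFC 3464 reports)."""
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no" or msg.get_content_type() == "multipart/report":
        return True
    # Bounces use an empty envelope sender, stored as "Return-Path: <>".
    return (msg.get("Return-Path") or "").strip() == "<>"

def classify(raw, sent_ids=SENT_IDS):
    msg = email.message_from_string(raw)
    if not is_automated(msg):
        return "normal"
    # In-Reply-To/References on an auto-reply, or the original headers quoted
    # in a bounce, carry the Message-ID of the mail being answered.
    answered = set(MSGID.findall(raw))
    return "reply-to-own-mail" if answered & sent_ids else "backscatter"

def backscatter_share(raws):
    """Fraction of inbound mail that answers messages we never sent."""
    return sum(classify(r) == "backscatter" for r in raws) / len(raws)

def mk(headers, body="text"):  # builds one constructed sample message
    return "\n".join(headers) + "\n\n" + body + "\n"

SAMPLES = [  # constructed inbound messages
    mk(["Return-Path: <>", "From: a@corp.example", "Subject: Out of Office",
        "Auto-Submitted: auto-replied", "In-Reply-To: <spam-1@relay.invalid>"]),
    mk(["Return-Path: <>", "From: b@corp.example", "Subject: Out of Office",
        "Auto-Submitted: auto-replied", "In-Reply-To: <real-1@example.org>"]),
    mk(["Return-Path: <>", "From: mailer-daemon@isp.example",
        "Subject: Undeliverable", "Content-Type: multipart/report"],
       body="Message-ID: <spam-2@relay.invalid>"),
    mk(["Return-Path: <c@corp.example>", "From: c@corp.example", "Subject: Hi"]),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
    print(backscatter_share(SAMPLES))
```

Not every auto-responder sets the Auto-Submitted header, so a sudden rise in this share is a signal to investigate rather than a complete count.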

Meanwhile, The Guardian, U.K., reports that Cyxymu believes the DDoS attack was carried out at the behest of the Russian government, and constituted an attempt to stifle his criticism of Russia’s conduct in the war over the disputed South Ossetia region.

Speaking to The Guardian from an office in the Georgian capital, Tbilisi, Cyxymu said his real name was Georgy and that he is a 34-year-old economics lecturer.

Some media reports suggest the huge surge in Web traffic that downed Twitter yesterday wasn’t caused by a DDoS attack but rather by spam recipients clicking links to Cyxymu’s Web pages.

Cluley doesn’t think that’s likely. “Most people wouldn’t have bothered clicking on the link.”

He says it’s more probable “the spam campaign was run alongside the denial-of-service from compromised computers around the world.”

Another possibility, he says, is someone who wasn’t responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet.

Twitter, meanwhile, is assuring users that no user data has been compromised in this attack.

ABC of DDoS

The Twitter attack is an opportune time for every knowledge worker to better understand denial of service attacks, which occur when computers flood a Web site with requests for information.

Such assaults, whether driven by financial or political motives or even pure malice, are becoming a favourite of cyber criminals, security experts say.

“Sites, big and small, have fallen victim,” notes Marian Merritt, Internet safety advocate at Symantec Corp. in Cupertino, Calif. “Examples include big brand name online retailers, news and government sites.”

Corporate Web admin folk, as well as everyday information workers, need to have an effective strategy to defend against such attacks, she and other security experts say.

This is especially so, given the significant shift in the nature of DoS attacks.

In the original DoS days, Merritt notes, repeated pinging of a domain (that constituted the attack) may have been the work of a single hacker or a small team of hackers.

Today’s distributed DoS attacks also immobilize the target site by pinging it over and over again. The difference is that in the “distributed” attack, as the name suggests, the massive ping volumes are accomplished through a distributed network of infected computers (botnet for short).

“By using tools or networks of infected computers,” Merritt says, “the hacker can now summon the distributed power of hundreds or thousands of machines to slam the victim site with domain requests, overloading the routers and servers and effectively shutting the site down.”

Cluley from Sophos offers a very graphic metaphor to describe the situation. “It’s a bit like 15 fat men trying to get through a revolving door at the same time — nothing can move.”

Becoming a “good Internet citizen”

This has implications for all computer users who need to ensure their machines aren’t turned into “zombies” – commandeered by cybercriminals to do their bidding.

This, as Cluley puts it, helps us become “good Internet citizens” and ensure we’re not contributing to the problem.

Merritt’s blog offers some “tried and true tips” to protect your machine from becoming a bot.

  • Run a good Internet security suite.
  • Keep your computer updated with the latest patches and updates.
  • Don’t use “free” security scans that pop up on many Web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service.
  • Back up your computer.
  • Check your bank and credit card accounts to make sure that all your transactions are legitimate.

Business impact

Finally, the business impact of yesterday’s Twitter DDoS attack – though hardly touched upon by most media coverage – shouldn’t be underestimated.

Cluley notes that many companies use the site to keep in touch with their customer base.

Consumers, he reminds us, take advantage of the site’s intimacy to get an answer from large companies that are discovering how to have a “human face” online.

People in a particular industry (say engineering, software development, or public relations) often use Twitter to keep up with news, opinion and happenings in their field, for example. Once you get going with Twitter, this information will come to you.

After all, as Cluley points out, Twitter isn’t just about meaningless piffle (although there’s a fair bit of that).

(On that note, CIO.com editor-in-chief Abbie Lundberg has aggregated tweets she has been soliciting on the business value of Twitter in a blog post, some of which make for very interesting perusal. You can read them here.)

With files from CG Lynch, CIO.com
