Scientific American: Twitter attack triggers conspiracy theories but few seem plausible

ScientificAmerican.com > 60-Second Science Blog

Twitter attack triggers conspiracy theories but few seem plausible

By Larry Greenemeier in 60-Second Science Blog

The same week that the Obama Administration lost its acting cyber security czar, cyber attacks torpedoed several of the Web's most popular social-networking sites, in particular Twitter and Facebook. Although the denial-of-service attacks (which overwhelm Web servers with phony requests) were the latest reminder of the difficulties ofdefending the Web against cyber threats, it appears that these crashed sites were collateral damage in the ongoing conflictbetween Russia and Georgia. Or were they?

The attacks may have originated from theAbkhazia region, a territory on the Black Sea disputed between Russia and Georgia, Bill Woodcock, research director of the Packet Clearing House, a nonprofit technical organization that tracks Internet traffic, told The New York Times Thursday. Twitter, thought to have taken the brunt of the attack, acknowledged yesterday that its site had gone down and that, even after it went back online, staffers needed to continuously defend against additional attacks.

Along with Twitter yesterday, Facebook, LiveJournal, Google's Blogger and possibly YouTube were thought to have been caught in the crossfire of a high-tech smear campaign against a Georgian blogger who goes by the account name "Cyxymu." (The blogger has accounts with all of the Web sites attacked.) Several news sites and blogs are reporting that the attacks coincided with a large number of spam e-mails claiming to come from Cyxymu's Gmail address and encouraging the recipients to click on links embedded in the messages. The links would take users to Cyxymu's Twitter account or Facebook page, etc. One message, according to security software and services vendor Sophos Plc, read, "Hello. My blog here now! http://www.youtube.com/ Cyxymu."

It's unlikely, however, that a spam campaign could have generated enough traffic to these sites to take them down. As Sophos security researcher Graham Cluley noted in one of his blog posts about the event, "Most people wouldn't have bothered clicking on the link." He added, "My guess is that these emails aren't really calling from Cyxymu (who, according to his YouTube profile is 34 years old, and tells reporters that his real name is Georgy), but are an attempt by troublemakers to bring his name (and various Web pages) into disrepute."

Cyxymu, himself, apparently confirmed to CNN in an e-mail that he is 34 years old and based in Tbilisi, Georgia, and that his blog posts criticizing Russia for preparing military operations against Georgia may have "irritated" someone enough to incite a cyber attack.

But not everyone is buying all of the conspiracy theories. "There is no real data to prove who is behind it, and if there would be any clue about the origins of this attack, it would be in the access logs on the victim servers—Twitter, Facebook, LiveJournal and others in this case," Stefan Tanase, a senior regional researcher with security provider Kaspersky Lab's Global Research and Analysis Team, blogged today on the company's ThreatPost blog.

Further, Tanase writes, "It's worth noting that 'Cyxymu' didn't even have 100 followers on Twitter when the attacks started—so I am wondering how big his influence really was to even consider him as the root cause of the DDoS attacks."

Image ©iStockphoto.com/ Emrah Turudu