Russians may have taken down Twitter, Facebook, and LiveJournal while trying to stop a Georgian Blogger
Twitter, Facebook, LiveJournal, Google Blogger and other Web sites were hobbled Thursday -- Twitter was completely down for many users -- and it all appears to have been because of a coordinated online attack on one political blogger in the Republic of Georgia.
The man called himself "Cyxymu." ABC News tracked him down in Tbilisi, Georgia, and spoke to him by phone.
He said he is a 34-year-old economics professor named Georgy (he wouldn't give his last name), a married father of two. He said he is a refugee from Abkhazia, a region of Georgia that declared its independence in 1991 after the breakup of the Soviet Union, but is recognized by only a few of the world's governments.
Georgy said he started a blog on the LiveJournal site to unite fellow refugees who would like Abkhazia to recognize Georgia's authority over it. Last summer, Georgia and Russia went to war with each other, and Georgy started criticizing Russia -- which recognized his homeland's independence -- online.
Georgy said he believes he was targeted by a group linked to the Kremlin. "It's hard to say who did it but I looked at how it was done and it definitely cost a lot of money. An operation like this couldn't have been done by a group of enthusiasts."
What they did is known as a Denial of Service attack (DoS). They sent out computer viruses that infected thousands of computers around the world -- and, at a specified time, inundated the sites used by Georgy with e-mails. . . . .
See also a discussion at USA Today.
It appears that the denial of service attacks that cut off access to Twitter and disrupted Facebook and LiveJournal on Thursday morning stemmed from an attempt to obliterate the social network accounts of an anti-Russian blogger, nicknamed Cyxymu.
In this Guardian interview, Cyxymu blames the Russian government for trying to muzzle him, on the eve of the anniversary of the Russia-Georgia war.
A half-dozen security researchers interviewed this morning agree that Cyxymu was the target of denial-of-service attacks that got out of control. But it makes no sense that the Russian government would use a sledgehammer to squash a mosquito, says Nick Bilogorskiy, antivirus researcher at security firm SonicWall.
Bilogorskiy estimates that it took a few hundred thousand bots sending nuisance messages aimed at Twitter's servers to cut off Cyxymu's Twitter account. In today's cyber underground, it would cost about $5,000 to rent a botnet of that size to conduct such an attack, he says.
Cisco security researcher Patrick Peterson says it's like "throwing a hand grenade to kill a fly." The big beneficiary: Cyxymu, who now "has gained exactly the visibility the attackers presumably were trying to smother," says Peterson. On Wednesday, Cyxymu had about 100 followers on Twitter; as of Friday morning he had 816.
Another surprising beneficiary: Twitter. "The only thing that I'm sure is going to happen after these incidents is that Twitter will gain even more popularity as a result," says Stephan Tanase, senior researcher at Kaspersky Lab. "Everybody's talking about it, the story is all over the news, all over the world. So the only thing that will happen is that Twitter will be even more popular after this." . . .
A discussion of the costs here:
For Twitter's approximately 30 million users, life — even a few hours — without the popular service meant no tweeting about breaking news, work or the fact that Twitter was down.
Social networks Twitter, Facebook and LiveJournal on Thursday morning were overwhelmed by denial-of-service attacks disrupting access to more than 300 million users. Botnets — thousands of infected home and workplace PCs — flooded the websites with nuisance requests, thus cutting off access to anyone else. . . .