Twitter Attack May Be Part of Russia-Georgia Dispute
August 7th, 2009 — Bruce Etling
According to the New York Times, yesterday’s DDOS (distributed denial of service) attack on Twitter originated in the disputed Abkhazia region in Georgia, one of the two semi-autonomous regions that Russia and Georgia fought over last August. The Times attributes the claim that the attack was an extension of the broader Russia-Georgia dispute to Bill Woodcock at Packet Clearing House. The Times writes:
It was not clear who initiated the attack, Mr. Woodcock said, but it was likely that “one side put up propaganda, the other side figured this out and is attacking them.” He said he found evidence that the attacks had originated from the Abkhazia region, a territory on the Black Sea disputed between Russia and Georgia.
Mr. Woodcock said the disruptions did not appear to have been caused by a botnet, or network of thousands of malware-infected personal computers.
Rather, he said, at about 10:30 a.m. E.S.T., millions of people worldwide received spam e-mail messages containing links to Twitter and other sites. When recipients clicked on the links, those sites were overwhelmed with requests to access their servers. “It’s a vast increase in traffic that creates the denial of service,” he said.
It is certainly plausible that some group linked to Russia would initiate an online attack near the anniversary of the Russian-Georgian conflict, since DDOS attacks and other online tomfoolery have coincided with other foreign policy disputes that Moscow has been involved in, including attacks against Estonian and Ukrainian sites. Last year, DDOS attacks actually preceded Russian military action against Georgia. In the Estonia case, a leader of the pro-Kremlin youth group Nashi claimed credit for the attacks.
The Guardian also cites Facebook’s security chief as saying that the attack may have been aimed at a single Georgian blogger, Cyxymu:
Max Kelly, Facebook’s chief security officer, told CNet news that the strike was an attempt to silence Cyxymu – an outspoken critic of last year’s conflict between Georgia and Russia in South Ossetia – as the anniversary of the war approaches.
“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Kelly said. “We’re actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can.”
However, this type of attack on a large international site based in the US like Twitter doesn’t bear the hallmarks of previous attacks plausibly connected to Russia, since those were focused on government, NGO or banking sites in Georgia, Estonia or Ukraine. Since large sites with better security than Twitter, such as Google and Facebook, were also attacked, as well as Gawker, which also went down earlier this week, it leaves one to wonder whether someone else was behind these attacks, or if this is just a new tactic for those sympathetic to Russia’s more aggressive foreign policy stances. It is also possible that the role of Twitter in recent protests in Iran made the site a juicy target for those trying to make a statement about the role of these technology platforms in foreign affairs.
UPDATE: Cyxymu blames Russia for the attack.
UPDATE 2: The Daily Beast points out that the attacks could be from Ahmadinejad’s henchmen or participants at the annual DEF CON hackers convention in Vegas after one too many complimentary beverages.
UPDATE 3: Morozov profiles Cyxymu, whom he calls “the first digital refugee.”
The Twitter Attack May Be Part of Russia-Georgia Dispute by Internet & Democracy Blog, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Share Alike 3.0 License.