Sometimes when watching movies, big Hollywood blockbusters, we are entertained with scenes of bad guys and good guys racing through cities, destroying tons and tons of property and leaving chaos in their wake. This is supposed to thrill us, of course, but sometimes I think to myself “You know, if that actually happened in real life, somebody actually has to pay to repair all that damage.”
Last week, on Thursday, August 6, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, YouTube and Blogger were also hit; they weathered the attack and stayed up, though not all of them cleanly. Although, in all reality, if Facebook had gone down or slowed noticeably, I simply would have dismissed it as typical Facebook connectivity flakiness.
Anyhow, as it turns out, the theory currently floating around is that this was a politically motivated play designed to take out one guy: a blogger.
We are nearing the one-year anniversary of the 2008 Russian/Georgian “war” (more aptly described as a Russian speed bump on the way to Tbilisi). There is a pro-Georgian blogger who goes by the username “Cyxymu” and who had accounts on all of these services. It is thought that these attacks were an attempt to silence his anti-Russian, pro-Georgian rhetoric. Much like the movies, where someone has to pick up the pieces afterwards, the rest of us were inconvenienced while the government was busy trying to silence one person. Note: it’s not a conspiracy theory if it’s true. Note 2: I’m merely floating the idea out there, but my personal bet is that this is another cyber-riot like the 2007 Estonian attacks, probably run by a guy (an aide) out of the Russian Duma.
From what I have gathered, one theory is that the attack came in the form of a huge spam blitz containing links to this guy’s pages at Blogger, Facebook, LiveJournal, and so forth. When people received the spam, they started clicking the links, driving tons of traffic to those pages and taking the sites offline. This sounds unlikely. First, why would you drive traffic to someone’s page if you want to discredit them? It’s counterproductive. Second, the spam would have to get past the spam filters in the first place. And who would actually click on the link? Not enough people to take down Facebook or Twitter.
Instead, other theories hold that while spam like this did occur, it is more likely that the people behind the attacks had botnets under their control, and it was those botnets flooding the sites with DoS traffic that took them offline. It was obviously a coordinated attack on the sites, as it all occurred around the same time.
So, here is my theory: Cyxymu was blogging/writing/YouTube’ing about the Russian/Georgian war anniversary and publicly denouncing Russia. Some guys in Russia obviously took offence to this and started a spam campaign as misdirection. They tried to make it look like Cyxymu was responsible for sending out a huge wave of advertising to drive traffic to his sites; with spam as the medium, that would make him appear to be a douchebag (since only douchebags use spam to market their opinions). In the meantime, the same people behind the spam campaign set up a DoS attack to take down all of these sites, on the theory that people would conclude that Cyxymu’s blitz had worked and the flood of clicks had knocked the sites over.
That’s my current working theory.
It underscores the belief that Eastern Europe is still a haven for criminal cyberactivity. And apparently it is really easy to corral your resources and take down websites, inconveniencing the rest of us.