Attack on blogger took down Twitter

The cyber attack that brought down Twitter for several hours Thursday was aimed at a single blogger in the country of Georgia, according to Facebook, which was also targeted in the attack.

Cyxymu, as the blogger is known online, uses his blog and accounts on several social media networks to lash out against Russia, which has waged battles with Georgia over disputed territory.

"Yesterday's attack appears to be directed at an individual who has a presence on a number of sites," Facebook said in a statement.

Analysts at the Sophos online security firm who have studied the cyber assault said the attackers -- identities unknown -- wanted to shut down Cyxymu's accounts. But they probably didn't aim to knock out all of Twitter, a popular micro-blog site on which users post short messages.

"It was collateral damage," Sophos analyst Beth Jones said.

Thursday's Twitter outage left celebrities, businesses and even Iranian protesters unable to send out notes to subscribers. The down time led to speculation as to the perpetrators; theories ranged from bored teenagers to sophisticated operations involving "botnets" -- armies of personal computers that are taken over by hackers, unbeknown to their owners.

Although the Twitter website was functioning Friday, the attack was ongoing, said Michael Wheeler, vice president of NTT America, which provides Internet services to the site.

Regulations require some companies, such as many financial services, to have very high levels of online security, Wheeler said. Those requirements don't apply to Twitter.

Higher levels of protection might not have prevented the shutdown anyway, according to Wheeler. He said attacks "vary in size and complexity, so there is no way of knowing what may have lessened the impact after the fact."

But Graham Cluley of Sophos noted in his blog that Twitter collapsed while other targeted sites stayed relatively stable -- not a good sign.

"This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble," he said, "forcing us to ask serious questions about the site's fragility."

Twitter did not respond to requests for an interview.

The blogger, in an interview with the Moscow Times -- in which he gave only his first name, Giorgy, and identified himself as a 34-year-old economics professor -- said the online attack occurred soon after he posted a message about last year's short, bloody war between Russia and Georgia.

"I had just published a timeline of events for the war," he said. "I think that this did not go down well with some people in Russia."

The cyber attack began about 5 a.m. PDT Thursday, according to Sophos, with a spam tactic called a Joe job. "That's when you are trying to smear someone online by hijacking their e-mail address and sending out millions of spam e-mails, pretending to be them," Jones said.

The tactic aims to discredit the victim by making him or her seem to be a spammer.

The e-mail said, "I beg pardon for a spam getting in your mailboxes," Jones said.

The e-mail also called on recipients to click on Cyxymu's pages on Twitter, Facebook and other services. This might have been an attempt to overload Cyxymu's accounts with messages from angry spam recipients, Jones said.

About an hour after the first phase of the attack, the hackers made a far more devastating move.

A vast network of computers that had been infected with an Internet worm -- botnets -- was called upon to bombard Cyxymu's sites with millions of digital requests.

This so-called denial-of-service attack shut down Twitter and crippled other sites.

Cyxymu said he was shocked that an attack on him could have worldwide implications. "I could not imagine such consequences," he told the Moscow Times.


Times staff writer David Sarno contributed to this report.

Copyright © 2019, Los Angeles Times
EDITION: California | U.S. & World