A Georgian blogger has claimed that the Twitter denial-of-service (DoS) attack was a direct attack against himself and his country.
The blogger, who uses the account name ‘Cyxymu' had accounts on Twitter, Facebook, LiveJournal and Google's Blogger and YouTube, which were all hit at the same time, according to CNET News.
Max Kelly, chief security officer at Facebook, told CNET News: “It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard. We're actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can.”
Kelly refused to speculate on who was behind the attack, but said: “You have to ask who would benefit the most from doing this and think about what those people are doing and the disregard for the rest of the users and the internet.”
“The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources. If they're asking our infrastructure to generate hundreds of pages a second, that's a lot of pages our users can't see,” said Kelly.
Graham Cluley, senior technology consultant at Sophos, noted that yesterday was the first anniversary of Georgian troops moving into South Ossetia, an incident which lead to conflict between the Russian and Georgian armies last year, and claimed that the two incidents may not be disconnected.
Cluley said: “Cyxymu's LiveJournal page claims that he has been the victim of a ‘Joe Job' attack. It is claimed that a large number of emails have been spammed out, claiming to come from Cyxymu's Gmail address, containing links to his various accounts.
“Now, imagine you received one of these emails. You would be pretty annoyed right? Most people's natural instinct is to get angry about whoever sent you the unsolicited email promoting his blog or YouTube channel.
“But if the emails weren't actually sent by Cyxymu, but by someone else trying to muddy Cyxymu's name and perhaps try and trick websites into erasing Cyxymu's accounts for inappropriate behaviour, then your anger and frustration might be being vented at the wrong person. In other words, Cyxymu may have been set up as a scapegoat by the spammer - with the intention of having their anti-Russian web pages removed.
“Cyxymu himself claims on his LiveJournal page that he has been flooded with ‘out-of-office' replies from people the spam has been sent to, even though he claims not to have sent it himself.”
He further claimed that it was possible that the spam campaign was either run alongside the DoS from compromised computers around the world, or that someone who wasn't responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet.