Feeds

Researcher: Twitter attack targeted anti-Russian blogger

Joejobbing Cyxymu

Beginner's guide to SSL certificates

As Twitter struggled to return to normal Wednesday evening, a trickle of details suggested that the outage that left 30 million users unable to use the micro-blogging service for several hours - at least in part - may have been the result of a spam campaign that targeted a single user who vocally supports the Republic of Georgia.

According to Bill Woodcock, research director at the non-profit Packet Clearing House, the torrent of traffic that brought the site to its knees wasn't the result of a traditional DDoS, or distributed denial of service attack, but rather people who clicked on a link in spam messages that referenced a well-known blogger called Cyxymu.

As spam goes, the emails looked benign enough. One of them carried the subject "Visit my blog" and contained the words "thanks for looking at my blog" in the body. They contained respective links to Cyxymu's accounts on Twitter, Facebook, LiveJournal and YouTube, all of which also reported receiving abnormal amounts of traffic on Thursday.

"This was not like a botnet-style DDoS," Woodcock told The Register. "This was a joejob where people were just clicking on links in email and the people clicking on the links were not malefactors. They were just the sort of idiots that click on links in email without knowing what they are."

Joejobs are spam messages that are designed not to push Viagra but to induce someone to click on a link in the hopes of harming the site being linked to.

Twitter has so far said little on its blog and status page except that it spent much of the day fighting against a denial of service attack and that as late as 4:45 pm California time, latency problems were still causing some users to receive error pages. Company representatives didn't respond to emails seeking comment.

The theory was backed by this article from CNET News, which quoted Facebook's chief security officer saying the attacks targeting multiple websites all contained traffic linking to accounts held by Cyxymu.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Facebook's Max Kelly told reporter Elinor Mills. "We're actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can."

Kelly made no reference to spam messages, so it remained unclear if the emails were the only cause of the mass requests to Cyxymu's profiles or if there were other causes as well.

Cyxymu has long been viewed as an antagonist by some Russian supporters, who take issue with the blogger's coverage of recent military conflicts in Georgia. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.