Twenty-four hours after the denial-of-service attack on Twitter, the web is just aglow with theories about what happened. There seems to be agreement that Twitter, which has been experiencing phenomenal growth in the last year, didn’t have the infrastructure to withstand a huge surge of traffic.
The Register, possibly the best source of hilarious headlines and slang in the history of writing (well, there is the Onion, but they make up the news), called it a “Joe Job.” That’s a distributed denial-of-service attack launched when some malicious entity social engineers a large number of people into visiting a target web site. The surge in traffic brings the victim site down.
The chain of events then would be: Pro-Russian miscreants spam a lot of people with Tweets, possibly via a botnet, urging them to visit the web site of Cyxymu, a pro-Georgia blogger. The surge in Tweets and people clicking links brings down Twitter. Facebook and LiveJournal are slowed, but not shut down. Possibly the attackers also use a botnet to attack at the same time.
Cyxymu’s site is down this morning.
So, in the worst tradition of journalism we will now report the speculation:
PC Magazine: “Did Koobface Cause the Twitter DDoS Attack?”
The headline says it all.
PC World: “Why Attack Twitter?”
Answer: Koobface or old-school hacker looking for fame or someone advertising the power of their botnet, which is for hire.
The Register: “Twitter meltdown raises questions about site stability”
The Twitter problems were collateral damage from a Joe Job attack on a blogger named Cyxymu who apparently is a very vocal pro-Georgia advocate who irritates a lot of pro-Russian folks in the war of words over South Ossetia and Abkhazia independence. Cyxymu has Facebook, Blogger and LiveJournal accounts. Aug. 8 is the one-year anniversary of Russia’s invasion of Georgia. (See “The Georgian Times” one-year-later story here.)
The Register credits the theory to Bill Woodcock, research director of the non-profit Packet Clearing House in San Francisco.
Researchers Patrik Runald at F-Secure and Graham Cluley at Sophos disagree.
Associated Press: “Hackers attack Twitter, Facebook also slows down”
Agrees with Register.
The root causes then would be: bot-infected machines (not running anti-virus solutions) and Internet users clicking on links from strangers.
Tom Kelchner