RealTime IT News

Facebook, Twitter Attacks Aimed for One User

The attacks that disrupted service for millions on Facebook and brought down Twitter and LiveJournal may have been designed to single out one user in particular.

"The distributed denial-of-service attack that caused issues with accessing Facebook and other sites ... appears to have been directed at an individual, rather than at the sites themselves," Facebook said in a message on its site.

"Yesterday's attack appears to be directed at an individual who has a presence on a number of sites, rather than the sites themselves," a Facebook representative said in an e-mail to InternetNews.com. "Specifically, the person is an activist blogger and a botnet was directed to request his pages at such a rate that it impacted service for other users. We've isolated the issue and almost all of our users are able to enjoy the normal Facebook experience."

That individual appears to be a Georgian blogger and anti-Russian dissident who goes by the username "Cyxymu," according to reports and to Cyxymu himself.

"Cyxymu's LiveJournal page claims that he has been the victim of a 'Joe Job' attack," Graham Cluley, Sophos security expert, said in a blog post. "It is claimed that a large number of e-mails have been spammed out, claiming to come from Cyxymu's Gmail address, containing links to his various accounts."

The idea behind the attack is that by spoofed sending spam that purports to be from a user's account, bouncebacks can overwhelm the account.

"Cyxymu may have been set up as a scapegoat by the spammer -- with the intention of having their anti-Russian Web pages removed," Cluley wrote.

On his LiveJournal page, currently available only through a Google cache, Cyxymu wrote, "I beg pardon for a spam getting in your mailboxes, it I sent not, but spammers which want that on me went to law."

It's still unclear who's directly responsible for the attack. But the apparent target has some ideas.

"This hackers was from Russian KGB," Cyxymu said in a tweet today.

On his site, Cyxymu claimed to have some knowledge of how the attack was launched.

Security experts said the flood of traffic that temporarily disabled Twitter and slowed Facebook and other services in a denial-of-service attack likely came from a botnet.

"This type of attack has been around for many years taking advantage of the millions of PC's that have been infected at one time and have become part of the botnet army," Ken Pappas, security strategist at Top Layer Security, said in an e-mail to InternetNews.com. "A Web site then gets flooded with so many requests that it becomes unavailable or unstable for normal use. The fact is a DDoS attack is designed to render a network or server incapable of providing any normal service [and] drives customers and users to go elsewhere."

The damage caused by cyber warfare

If a political agenda had motivated the attack, the incident would mark the latest sign that cyber warfare has moved into the mainstream -- and reinforce worries about collateral damage in such attacks.

The U.S. has refrained from unleashing its cyber warfare arsenal on Iraq in fear of causing unintended, widespread damage to the wider region's economy and services.

But hackers in other countries haven't shown such concern. In the past, attacks from Russia hit both Estonia and Georgia, although the exact perpetrators, whether criminals or government agents, remain unmasked.

Whatever their cause, yesterday's attacks highlighted the risk that hackers pose to the infrastructure of the world.

Experts have said that a total cyber war could result in the loss of key services and instant bankruptcy. In the past, hackers have compromised the U.S. electricity grid and managed to obtain fighter jet plans from the U.S. government.

If indeed the attack was aimed at Cyxymu, there is one positive note in the aftermath: He was not completely shut down. His Twitter feed and YouTube channel remain up. Some videos on the YouTube channel require logging in because the war scenes they depict are deemed unsuitable for minors.

Spokespeople from Twitter and LiveJournal did not immediately return requests for comment.

Update adds comments from Facebook.