Cyber Attack Shuts Down Twitter and Facebook
James Joyner | August 07, 2009
Yesterday, Twitter, Facebook, and other popular social media sites were brought to a halt by distributed denial of service attacks. It appears the target was a lone blogger in Georgia and the attack was timed to coincide with the anniversary of Russia's invasion of South Ossetia and Abkhazia.
My colleague Alex Petersen reports this is "the talk of the town here in Tbilisi."
So, what's the story?
Bobbie Johnson for The Guardian:
According to senior industry figures, the strikes that affected hundreds of millions of web users around the globe on Thursday were part of an attempt to damage just one individual - a controversial Georgian known only as Cyxymu.
Max Kelly, Facebook's chief security officer, told CNet news that the strike was an attempt to silence Cyxymu - an outspoken critic of last year's conflict between Georgia and Russia in South Ossetia - as the anniversary of the war approaches. "It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Kelly said. "We're actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can."
The strikes appeared to be one of the most widespread and coordinated attacks ever seen online, shutting down Twitter for significant portions of Thursday, as well as causing serious problems for Facebook and blogging service LiveJournal. Google, too, was subjected to attacks but said it had been able to prevent any damage - although some users reported some unexpected problems with the internet giant's services. It is not clear precisely how the attacks started or who was behind it, but a vast number of spam messages were also sent out simultaneously mentioning the victim.
With a monicker styled after the cyrillic name for the disputed Black Sea city of Sukhumi, Cyxymu runs a blog written in georgianised Russian and subtitled "of Sukhumi, the war and Bolivia". In the past, it was a home for controversial opinions on the way the conflict was handled by both the Russian and Georgian governments - last year resulting in a similar attack by opponents which had crashed LiveJournal.com.
Like many internet users, Cyxymu has accounts across a number of social networking services, and yesterday appeared to recognise that he or she may have been a target. "It became clear that it is a special attack on me or on Georgians," Cyxymu said in one message. "In my mailbox are hundreds of spam emails." "Spam was being sent on my behalf with an invitation to go to my blog... I apologise to everyone."
The blog at computer protection company McAfee has some technical details on the attack and observes,
We believe this campaign had a dual purpose. On one hand, the attackers spoofed the email address of the blogger, which is hosted on Gmail, as the originator of the spam. As a result, the blogger’s inbox was flooded with out-of-office notifications and vacation bounces automatically sent by mail clients of people who had received this spam. This was likely part of an intimidation campaign designed to send a message to cyxymu about who was the real intended target of the DDoS. In addition, the spam contained links to the blogger’s sites, with the likely goal of bringing even more traffic to bear on the servers of those blogs than would already be caused by the DDoS.
Computer spam and virus consultant Graham Cluley notes that, ironically, "Cyxymu's YouTube channel is still available. It contains a number of videos, many related to skirmishes between Russians and Georgians."
Computer World's Steven J. Vaughan-Nichols argues that Twitter is uniquely vulnerable to these attacks and that we're likely to see more of this sort of thing.
Twitter has become the way for Iranian protesters to keep in touch with each other and let the rest of the world know about how their election was stolen from them. The Iranian opposition had been planning protests against President Mahmoud Ahmadinejad's inauguration ceremony. A great deal of this planning has been over the Internet on blogs, and, of course, Twitter.
Funny timing don't you think that Twitter would be knocked completely off the air at just this time? And, if you think that governments don't use the Internet to knock out their enemies, you haven't been paying attention. Russians already successfully attacked Estonia's Internet infrastructure in 2007. With Windows botnets growing by leaps and bounds, it's easier than ever for governments or even just a handful of people to knock out major Web sites like Twitter.
I'm far from expert in the technology involved but we're almost certain to see more of this sort of thing. The Web and, increasingly, its social media communities, are primary means of spreading information, especially around authoritarian governments. Iran, China, North Korea and Russia have all taken measures to cut their citizens off from these sources and have demonstrated a willingness to engage in cyber attacks when it suits their purposes.
Nearly two years ago, we issued a report pointing out that "the convenience of global connectivity comes at a cost—the vulnerability of network infrastructures and systems to the malicious actions of cyber criminals and espionage agencies" and arguing that CEOs needed to be directly involved in preventing cyber attacks. Similarly, our Global Trends 2025 report warned that the "growing use of cyber warfare attacks" was among factors that "increasingly will constrict US freedom of action."
James Joyner is managing editor of the Atlantic Council.
The views expressed in the New Atlanticist are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.