Twitter, Facebook DDOS Aimed At Pro-Georgian Blogger

Politics and retribution against a pro-Georgian blogger were at the heart of the massive denial-of-service attacks launched on Twitter, Facebook and other social media sites Thursday morning, researchers discovered.

The motivation for the DDOS attacks appears to be elaborate political revenge, experts say. Twitter, along with Facebook, LiveJournal, YouTube and Fotki all hosted the account of a pro-Georgian blogger, known as cyxymu, a town in Georgia. And they all experienced a massive DDOS attack.

The hardest hit was microblogging site Twitter, which experienced an enormous system crash that blocked access for 45 million users worldwide for hours Thursday morning. Other sites, such as Facebook, were operational but experienced slowness and much longer load times.

Dave Marcus, security research and communications manager for McAfee Avert Labs, said that researchers looked at information going to Twitter, and were able to trace a series of globally distributed botnets launching a denial-of-service attack on cyxymu's accounts. Attack packets sent to the targeted social media sites were requests to fetch the pages hosted by cyxymu, who had just blogged about the upcoming one-year anniversary of the war between Georgia and Russia.

"There was a lot of collateral damage, but (attackers) were only really going after this one particular guy. They probably didn't care for his pro-Georgian statements," Marcus said.

Marcus said that organized attackers likely had the botnets in their control beforehand, and only had to use them to flood Twitter, Facebook and other social networking and media with traffic that would choke their networks and silence the targeted pro-Georgian messages.

Twitter founder Biz Stone said in a company blog post that the DDOS attack appeared to have larger geopolitical implications but declined further speculation.

"The ongoing, massively coordinated attacks on Twitter this week appear to have been geopolitical in motivation," Stone said. "However, we don't feel it's appropriate to engage in speculative discussion about these motivations. The open exchange of information can have a positive impact globally and our job is to keep Twitter services running reliably to the best of our ability.

While Twitter restored access later Thursday, the microblogging site experienced a distinct slowdown in service. Stone said that the company was working to restore Twitter apps to bring the site to full speed, while adding that no customer data or account information was compromised during the attack.

However, Marcus said that he expected to see more DDOS attacks going forward, noting that in recent months researchers have seen a decided return to hacktivism -- politically motivated hacking intended to make a statement, create shock, or otherwise gain notoriety. And because of their effectiveness, DDOS attacks will likely increase as a popular way to make a political statement or exact revenge on political enemies, Marcus said.

"Generally, it ramps up in prevalence before it ramps back down. Chances are we're going to see it grow in prevalence in the short term," Marcus said. "It's an easy way to get your message out, when you have people who are so passionate about their political feelings."