A cyber war between Russian and Georgian sympathizers is being blamed for the great Twitter crash of 2009.
Throughout Thursday, 45 million Twitter users across the globe were left speechless as the microblogging site was hit by a malicious cyberattack.
Facebook's chief security officer, Max Kelly, told CNet News that the problems originated with a single user, a Georgian blogger who goes by the handle “Cyxymu.”
Mr. Kelly said that the user's Twitter, Facebook, LiveJournal, Google Blogger and YouTube accounts were all attacked at the same time in an effort to get him – and his messages – offline.
“It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Mr. Kelly said. “We're actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can.”
Cyxymu, who has been identified as a 34-year-old from Tbilisi, Georgia, frequently blogs about the conflict between Georgia and Russia. His comments are deeply critical of Russian involvement.
However, Michael Wheeler, vice-president of Twitter's Internet service provider NTT America, said that the company does not believe the attack was targeted at a single user.
“There's nothing we have that suggests that this was a single user,” he said.
Graham Cluley, a senior technology consultant at Sophos, a global leader in internet security, said the chaos was caused by a denial of service attack.
In such an attack, innocent people's home computers become part of a “botnet” and are instructed by a hacker to flood websites like Twitter with traffic. This overwhelms the sites, denying others access.
“It's a bit like 15 fat guys trying to get through a revolving door at the same time,” Mr. Cluley said. The door becomes blocked and nobody can get through. The other sites targeted remained online because they were better prepared to handle the attack, he said.
Sophos began intercepting spam messages that pretended to be coming from Cyxymu's Gmail address on Aug. 6. The messages directed recipients to Cyxymu's Twitter, LiveJournal and other pages.
Analysts believe this was the hacker's first attempt to make web hosts drop Cyxymu's pages because they were hogging too much bandwidth. Once Facebook publicly identified Cyxymu, analysts were able to identify the traffic flow to his pages on other sites.
“Someone has taken real offence at what he's been writing,” Mr. Cluley said. “They had a vendetta.”
The attacks come at a deeply charged time. Friday marked the first anniversary of the war between Russia and Georgia over South Ossetia. Tensions have been mounting over accusations of a broken ceasefire by both sides.
Mr. Cluley said analysts also saw denial of service attacks this time last year, including an attack by Russian hackers on the President of Georgia's website.
Cyxymu, meanwhile, is accusing the Kremlin of orchestrating the attacks.
“Maybe it was carried out by ordinary hackers but I'm certain the order came from the Russian government,” a man identified by the Guardian as Cyxymu said from the paper's office in Tbilisi. “An attack on such a scale that affected three worldwide services with numerous servers could only be organized by someone with huge resources.”
On Friday, Cyxymu tweeted the following to his 1,159 followers: “My twitter is online! Thank you all for support after ciber attack from Russia!”
But Mr. Cluley rejects this accusation. He said the hackers had probably not intended to bring down Twitter and that if the government had wanted to boot Cyxymu offline, attacking Twitter would have been a foolish move.
“That would be like using a sledgehammer to crack a peanut,” he said.
Staff at the Russian embassy in Ottawa said they were not aware of the attacks, but press attaché Sergey Khueykov noted that Russia has received several provocations from Georgia in recent days.
