Distributed Denial of Service attacks on Web sites are an increasing pest on the Web, but the latest bunch this week had a bizarre and disturbing twist: they were aimed at a single user’s Web presence.
The blogger in question, using the name Cyxymi (technically СҮХҮМИ in Cyrillic), had accounts on Twitter, Facebook, Livejournal, YouTube, and Blogger. These are the services that came under a sustained, simultaneous DDoS attack yesterday, with Twitter going offline completely for a while, and Facebook running slowly and reporting strange error messages to users before its security staff managed to wrestle control back. Google was able to keep the effects of the attack to a minimum, but Cyxymi’s LiveJournal page was knocked down by the attack. Apparently the user was aware of the attack early on, as a cached image of the LiveJournal page showed a message about the DDoS, noting “Now its obvious it’s a special attack.”
And indeed it was special. Facebook’s chief of security Max Kelly, speaking to CNET, noted, “It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard…We’re actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can.” The question is, of course, what’s so special about Cyxymi’s voice that someone thought it needed to be quelled?
Part of the clue is the username itself. It’s pronounced Sukhumi, and it’s the name of the capital city of Abkhazia, a former Georgian region on the Black Sea that’s under disputed ownership–Russia recognizes its independence, but Georgia doesn’t. “СҮХҮМИ” is, in fact, a Georgian styling of the name, with the final “И” character being absent from the Russianized version.
While there’s no specific evidence yet, there was a recent flurry of cyber attacks targeting Georgian interests that accompanied the recent Russian invasion of the country, so it’s not hard to draw the conclusion that regional tensions are responsible for this. Indeed, the Russian aggression happened almost exactly one year ago. The other interesting fact is that a DDoS attack of this scale, coordinated against multiple targets, really needs a large number of virus-laden computers acting as a botnet to work. This appears to have been a pretty sophisticated operation indeed.
Though the Web companies impacted are now coordinating their efforts to work out the source of yesterday’s attack, the repercussions are slightly bigger than degraded access to social networking sites for millions of users. It seems that if you piss off the wrong people nowadays, your entire Web presence is at risk.