Advertisement


Advertisement

Thread Rating:
  • 16 Vote(s) - 3.06 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Creator of Korean botnet blamed for Twitter attack
#1
Advertisement
Security analysts are scrambling to find a motive behind the distributed denial-of-service attacks that brought down Twitter for several hours, and also hit Facebook, Google and LiveJournal.
With little information to go on, researchers ended up speculating on who launched the attacks and why, although several agreed that Twitter's infrastructure needed immediate strengthening.

"If you monitor the hacking forums, it's clear they're pissed at Twitter," said Richard Stiennon, founder of IT-Harvest, a security research firm. "Twitter came out of nowhere. Hackers hated that. They'd been using forums and IRC to communicate, and all of a sudden, the rest of the world has their own thing in Twitter."

To Stiennon's thinking, the rise of Twitter - and the backlash against it - resembles the situation in the 1990s, when AOL rose to prominence, but tech-savvy users denigrated it as little more than a glorified BBS (bulletin board system).

"It's the same thing now," Stiennon said. "They look at Twitter and think, 'there goes the neighborhood.' So they wanted to demonstrate that they could take it down and generate news at the same time."

Roger Thompson, chief research officer at AVG Technologies, has a different idea.

"I think it was a vigilante," he said, "who wants to call attention to the danger of botnets."

Thompson's theory posits that the vigilante - perhaps a security professional - assembled a small botnet, then aimed it at Twitter and Facebook, which was also attacked Thursday. He based his idea on several similarities to the distributed denial-of-service (DDoS) attacks that hammered US government and South Korean commercial sites in early July.

Those attacks, at one point thought to originate from North Korea, were unfocused, had no noticeable political agenda and most important, ended with the botnet controller ordering the machines to self-destruct by wiping their hard drives.

"Who builds a botnet, then destroys it?" Thompson asked. "That's just crazy."

In fact, Thompson said he believed the Twitter hacker was the same person who ran the US/South Korea DDoS almost exactly a month ago. "No one profits from DDoS-ing Twitter," he said. "The only possible explanation is that someone wanted to make people think about something, and I think that something is botnets.

"Botnets are a very big problem, but no one does anything about them," he added.

Both Stiennon and Thompson used the word "easy" to describe the kind of DDoS attack required to successfully attack Twitter and other websites. "It wouldn't take a real big botnet," said Thompson. One with 20,000 to 30,000 bots could have spoiled Twitter's day."

A different motivation surfaced late on Thursday, when a Facebook executive told CNET News that his company believed the attacks were directed against one individual, a pro-Georgian blogger identified only as "Cyxymu," who had accounts on Facebook, Twitter, LiveJournal and Google's Blogger and YouTube.

"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Max Kelly, Facebook's chief security officer, said.

One thing security researchers seemed to agree on was that Twitter needed to bolster its Web infrastructure, or it will invite further attacks. "If Twitter is following the usual commercial site approach to plan for a 100 percent traffic increase, it would be easy for a DDoS to take it down," Stiennon said.

"Twitter has to [re-examine] their infrastructure," Stiennon recommended. "It wouldn't take much more than $10 million to double the transaction capacity from what they have had. I'd double that or even quadruple that right away."

Barrett Lyon, the former chief technology officer and co-founder of BitGravity, and a noted expert on DDoS attacks, concurred. He and Stiennon collaborated yesterday in an attempt to dig up information about the Twitter attack; Lyon pegged the attack a DDoS before Twitter acknowledged it later on Thursday morning.

"It's pretty clear [Twitter is] ready for a redesign," Lyon said in an entry to his personal blog. "They need their own autonomous network, bring in bandwidth from many different providers, and have several layers of security. Building a strong ACL border and a nice mitigation layer would make a lot of sense for a company that is enabling communication."

Reply
Thanks given by:
Advertisement
#2
Its very bad news.i hv acount on twitter and i m facing many probelm.
Reply
Thanks given by:
Advertisement




Possibly Related Threads...
Thread Author Replies Views Last Post
  General News: Twitter for Android brings bottom navigation bar, kills swiping between tabs nairrk 0 389 07-14-2018, 12:46 PM
Last Post: nairrk
  General News: Twitter launches the first ever IIFA Emoji nairrk 0 353 06-22-2018, 06:33 PM
Last Post: nairrk
  General News: Twitter adds new features to web and Windows app, killing some other apps nairrk 0 390 05-23-2018, 07:27 PM
Last Post: nairrk
  General News: Twitter introduces new feature to push more news links nairrk 0 393 04-30-2018, 07:18 AM
Last Post: nairrk
  General News: Twitter releases new emoji for Tamil, Malayalam new year Puthandu, Vishu nairrk 0 531 04-13-2018, 07:02 PM
Last Post: nairrk
  General News: Twitter introduces Timestamps feature nairrk 0 528 03-30-2018, 06:55 PM
Last Post: nairrk
  General News: New Twitter feature to help users save tweets for later nairrk 0 538 11-24-2017, 01:51 PM
Last Post: nairrk
  General News: This Chrome extension lets you shorten Twitter’s 280-character limit to 140 nairrk 0 488 11-10-2017, 02:50 PM
Last Post: nairrk
  General News: Twitter rolls out 280-character limit to all users nairrk 0 470 11-08-2017, 01:44 PM
Last Post: nairrk
  General News: Twitter rolls out new safety calendar nairrk 0 533 10-20-2017, 12:48 PM
Last Post: nairrk

Forum Jump:


Users browsing this thread: 1 Guest(s)
Advertisement