Twitter, Facebook attack targeted one user
A Georgian blogger with accounts on Twitter, Facebook, LiveJournal, and Google's Blogger and YouTube was targeted in a denial-of-service attack that led to the sitewide outage at Twitter and problems at the other sites on Thursday, according to a Facebook executive.
The blogger, who uses the account name "Cyxymu" (the name of a town in the Republic of Georgia), had accounts on all of the different sites that were attacked at the same time, Max Kelly, chief security officer at Facebook, told CNET News.
"It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard," Kelly said. "We're actively investigating the source of the attacks, and we hope to be able to find out the individuals involved in the back end and to take action against them, if we can."
[Image: Cyxymu LiveJournal account on cached version of Google. Credit: LiveJournal]
Kelly declined to speculate on who was behind the attack, but he said: "You have to ask who would benefit the most from doing this and think about what those people are doing and the disregard for the rest of the users and the Internet."
Twitter was down for several hours beginning early Thursday morning, and it suffered periodic slowness and time-outs throughout the day.
Cyxymu's LiveJournal page wasn't accessible, but a cached version showed that it was updated on Thursday with a message about the denial-of-service, or DoS, attacks on his accounts on the United States-based sites. "Now it's obvious it's a special attack against me and Georgians," said the message, in Russian.
The site also apologized for a spam e-mail attack in which the sender was spoofed and made to look like the e-mails were sent by him. Screenshots are shown. It's unclear whether or how the spam attack is related to the DoS attacks.
In the distributed denial-of-service (DDoS) attack on the sites, computers that have been compromised by viruses or other malware are instructed by the attacker's computer to visit the specific Web sites all at the same time and repeatedly. The barrage of connection requests overwhelms the target sites, making it so that legitimate Web traffic can't get through.
Such coordinated attacks require the efforts of tens of thousands or more of hijacked computers, which together form a botnet. Spammers send e-mails with malicious attachments or URLs to millions of people to create botnets. Criminals also can lease existing botnets for specific campaigns for as little as 5 cents to 10 cents per bot.
A Facebook representative dismissed a theory that the attack was triggered by a spam campaign in which e-mails had links to the sites. It's unlikely that there would be enough recipients--all clicking on the URLs at the same time--to bring a site down, he said. There was a spam campaign that directed people to Cyxymu's accounts, but it wasn't the cause of the DoS, he said.
"The people who are coordinating this attack, the criminals, are definitely determined and using a lot of resources," Kelly said. "If they're asking our infrastructure to generate hundreds of pages a second, that's a lot of pages our users can't see."
Facebook and Google were able to minimize any impact to their sites, including Blogger, YouTube, and Google Sites, a free Web site service. Facebook even managed to keep the Cyxymu account accessible to Web surfers from that region, Kelly said, though it was inaccessible to people in other geographic areas, including San Francisco.
This was the first coordinated attack on the sites, and all the companies involved were working closely on the investigation, he said. "My team and the teams that are working together at all these companies are doing a really good job very quickly, and I'm proud and happy," he said.
Twitter and LiveJournal did not immediately return e-mails and calls seeking comment.
A Google representative offered this statement: "We are aware that a handful of non-Google sites were impacted by a DoS attack this morning and are in contact with some affected companies to help investigate this attack. Google systems prevented substantive impact to our services."
Political conflicts between Russia and its former republic spilled online last year with DoS attacks and Web site defacements going in both directions.
For more information, listen to Larry Magid's podcast interview with Elinor Mills.
Updated at 7:39 p.m. PDT, with Facebook saying a spam campaign did not cause the DoS, and at 6:35 p.m., with information from Cyxymu's site, more about the spam attack, how DDoS attacks work, and background on the Russia-Georgia conflict.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.





Oops ... I must switch out from CNET too ... darn !!!
Yesterday we heard that the US military is going to use Google Voice as a tactical communications vehicle.
Last week I suggested that every iPhone has a secret back door installed by their Chinese makers to allow the Chinese govt to take control of them.
Yesterday Bill Clinton poked a stick in the other communist Govt eye by getting the journalists released.
Today the Chinese govt said WE ARE NOT GOING TO TAKE THIS ANYMORE and unleashed a DDOS attack on twitter to see if it works. Wait till the army actually needs to use Google Voice. How do you spell DDOS in Chinese?
Elinor, thank you for the update. This is an interesting development and we'll look forward to learning more as the story progresses.
Marian Merritt
Symantec/Norton
Yes, but that's unfortunately a pipe dream, because of one OS provider having been pretty bad with securing their OS, and their browser, and when they tried, they botched it, with Vista.
You'd only get people to secure their computer if you make them responsible for the harm that their computer causes.
A bit defensive, eh? I don't even have a Mac.
I suggest leaving the world of MS fanboys and entering the real world, troll.
How many new OS X exploits came about this week? How many Windows?
Go and ask your mother if she has kept her PC with XP up-to-date with patches.
You don't have far to go, since you obviously still live in the basement...
It doesn't matter to them who gets targeted or for what reason. They only care about the money.
If you spend some time in the spam-fighting community, you learn that these things are not unusual. This was a bit more high-profile than usual, but these criminals have brought down an anti-spam company before (the Israeli company Blue Security.)
And yes, before the MS fanboys come back again, the botnets are pretty much exclusively comprised of Windows machines. People who use Macs or Linux tend to know a bit about technology and how to secure their machines. Joe Sixpack is unlikely to have a Mac or a Linux box, and he has most likely never heard of botnets.
'And yes, before the MS fanboys come back again, the botnets are pretty much exclusively comprised of Windows machines.'
>>>>Possibly, simply because Windows XP is still the most prominent OS online and the most targeted. However, there is an iBotnet out there as well. And since Vista and Windows 7 have proven infinitely harder to penetrate remotely than Leopard, and especially since we are finally seeing ItW attacks on Mac OS, we do know that criminals are trying to learn more about the platform; be assured the drive-by downloads are on the way. And when they do turn up, all it will take is a smart move on the part of the bot herders to plant the exploits on well-established sites that are likely to be visited by Mac users. If this happens, I predict an explosion larger in proportion than that of Conficker itself, because the percentage of secured Macs is far below that of protected PCs, even PCs running Windows XP.
'People who use Macs or Linux tend to know a bit about technology and how to secure their machines.'
>>>>Linux users, maybe, but NOT Mac users. In general, Mac users have one of two stories: 1) They are longtime Mac loyalists who have never installed a piece of hardware or a driver themselves. 2) They are former Windows users who threw up their hands and emigrated because they COULDN'T figure out what to do after malware started to flood the Web. Couple either scenario with the fact that there is more stuff out there for Windows than there is for the Mac, and the limitations of the Mac universe further constrict upon user potential. The most the average Mac can do is light to medium video editing. And whether you use Boot Camp or not, I don't know of one gamer whose rig is a Mac. Even an MBP can't handle Crysis, and we're talking a $2,500 laptop! You can get an XPS with better graphics for about half that much.
Sorry, but you really put your foot in your mouth this time.
"In general, Mac users have one of two stories"
And you know that how exactly? Are you a Mac user who falls in one of the categories you claim to know???
And since you are talking about foot in mouth, that's where your foot is.
As far as botnets on machines other than Windows are concerned, they are unlikely to be widespread, simply due to the fact that people don't run Linux and Macs as superuser. You need admin rights to install a botnet. And only Windows pretty much requires to run with admin rights.
And as far as Vista and Win7 are concerned, forget about that already. There are far more XP, and even W2K machines out there. The average botnet machine is not a gamer machine, it is an old XP from your mom. She is not going to buy a new PC to run Vista or Win7. That's what you clueless fanboys always forget.
'And you know that how exactly? Are you a Mac user who falls in one of the categories you claim to know???'
>>>>Cute, kid, but out the Window with that one (pun intended). The reason I know is because I know my history, and because I work in computer service.
'And since you are talking about foot in mouth, that's where your foot is.'
>>>>So, when do you graduate from high school? Just so you're aware, "No, YOU'RE wrong!" is an empty argument in the adult world. You have to explain why you think I'm wrong (or, more specifically, why you would LIKE to believe I'm wrong).
'As far as botnets on machines other than Windows are concerned, they are unlikely to be widespread, simply due to the fact that people don't run Linux and Macs as superuser. You need admin rights to install a botnet. And only Windows pretty much requires to run with admin rights.'
>>>>Apparently, you're not reading my posts. Once again, Mac OS authentication is like running a limited user account in XP, and that is easily circumvented if no other security measures are present. You claim to be a Linux kernel hacker; ever heard of "privilege escalation?" There are people who say there are more of these vulnerabilities for the Mac than there are for Windows. I can't verify this myself but, given how security researchers have been poo-pooing Apple's security since 2007, I wouldn't doubt it.
'And as far as Vista and Win7 are concerned, forget about that already. There are far more XP, and even W2K machines out there. The average botnet machine is not a gamer machine, it is an old XP from your mom. She is not going to buy a new PC to run Vista or Win7.'
>>>>Obscurity does not equate to genuine security. This statement likens you unto a sitting duck, placing his life in the hands of the hunter and hoping he'll pass you over for a larger animal. Most Windows machines run some form of security software, be it antimalware, sandboxing, IPS/IDS, DPI, kernel lockdown, or whatever; most Macs do NOT. In case you haven't heard of Leap A, or iBotnet, or any of the others, let me inform you that people are trying to attack the Mac already. I understand it took three years following the release of XP before the first drive-by downloads appeared. But since everyone now knows what a drive-by download is, and because the Russians and Chinese have seen how easily people are doing it at CanSecWest, I wouldn't be surprised if Mac-targeted drive-by downloads come out much sooner than that.
That said, XP's continued dominance of the global market is not entirely related to consumer dissatisfaction with Vista (I'm not denying the truth in this), as most consumers take whatever you give them. Yes, there are some OEMs still offering XP on some models, but the main issue has to do with the huge gap in time between the releases of XP and Vista. XP was five years old when Vista finally hit the market. It is eight years old now, and has already lost nearly 20% market share to Vista.
Another issue is the fact that netbooks have made a big splash on the market, and most of them have replaced Linux with Windows XP. But Windows 7 is in fact nimble enough to run on a netbook, and has been well-received by virtually everyone who's hated Vista. Windows 7 has been heralded the "XP killer," the worthy replacement that will retire the aging XP once and for all. And as XP systems start getting replaced for obsolescence, this will translate into fewer machines that are reachable to most hackers, which in turn will translate to the need for new soil in which to plant the seeds for new botnets.
As far as we know, the only security implementation Apple has planned for the upcoming Snow Leopard is ASLR. Without DEP, Safe Unlinking, patch protection, or anything else, this may not be enough, especially when a majority of PCs on the market now are running 64-bit versions of Windows, on which DEP is hardware enforced and seemingly impossible to circumvent for a buffer overflow (if even a security researcher has successfully compromised Vista x64, I'm not aware of it). My prediction is that history will repeat itself, and Apple will once more be the one under attack... this time for profit.
"BTW, I completely missed your claim about W2K being more prevalent than Vista. Where do you get this information from?"
You obviously don't know much about businesses. Lots of companies continue to have W2K machines, e.g., for secretarial tasks.
May I suggest going out into the real world for a change, instead of trolling Internet forums?
This "obviously don't know" bit, as well as your old and moldy "troll/trolling" routine is completely empty, ESPECIALLY when we're going by how many machines hackers can reach remotely (referring to Internet-connected machines). According to Net Applications, the source most articles refer to, all Internet-connected Windows 2000 machines (including business machines) constitute less than 1% of the global market: http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=10
If you're going to keep trying to tell me that I "obviously don't know much," you'd better back that up with a link. And in case you've forgotten me telling you over and over again, the real troll is the one who finds it necessary to resort to childish name-calling and cursing. Show me a link, or accept the agony of correction once again. Seeing as how you continue to leap before you look, I'm sure you'll make this same mistake again. GROW UP already!
Mother Russia of course.
Nothing new just last year the initial cyber war was produced before the Russian invasion into Georgia. That's a lot of "Takedown power" to get one little guy..
http://blogs.zdnet.com/security/?p=1670
http://lwn.net/Articles/222153/
There have been Linux botnets & viruses around for years (e.g., the Rst-B virus). Also the recent psyb0t botnet was linux based.
A couple of years ago when eBay was looking into botnet C&C and phishing sites, to their surprise they encountered more rooted Linux servers than Windows boxes.
The correct reply would have been 'can't remember the last time I heard of a successful Windows botnet on any computer patched within the last month' but it seems mbenedict has so little faith in the security of Windows that he has to drag everything else down to his level.
Easier to tear down and destroy and reinforce, eh m?
Easier to tear down and destroy and reinforce, eh o?
Sure, everything can be broken. But it is so much easier to do that with Windows. Why would these criminals hire the expertise to crack some Linux vulnerability, when every 12-year-old kid can crack Windows? They go for the low-hanging fruit.
One of the major differences is that on Linux, for example, people don't run the system with administrator rights.
On Windows, using admin rights was pretty much a requirement to get any program running. Granted, MS tried to change that with Vista, but they botched it, so badly that the end result has been less security, with people switching UAC off. This is a fundamental flaw of Windows, which requires admin rights to install anything that has to do with COM, which means basically every program.
To change this would require a radical change of Windows which would break pretty much every program. MS is not going to do that, so botnets are unfortunately here to stay.
Fail. If you knew anything about OS architecture you would know that hacking can be done to every major OS very easily. It does not matter if it is vista, OSX, or linux, they can all be hacked the same. You have to understand how a hacker works. Who is going to take the time to code a virus for OSX when it has 2% of the market share. The hacker is obviously going to code for windows so that their virus infects the most people. Any 12 year old that is hacking windows is using tools that others spent time creating. SO your argument fails.
In no way does it change the fact that instead of pointing out that most Windows botnets rely on flaws that were patched about six months ago you decided to pull everything down to your level in a race to the bottom of who can be the most negative.
It could have been pointed out that Windows, like the Netgear routers, could be perfectly secure with the proper configuration (which with appliance routers should be done by the manufacturer) and updating but it seems you're not capable of anything but bile-filled negativity.
"Pull it down,drag it down
Drag it down,pull it down
Till there's nothing to look up to
But the brand names on the posters"
I mean, why not just reinforce the idea that Windows is inherently insecure yourself?
'Sure, everything can be broken. But it is so much easier to do that with Windows. Why would these criminals hire the expertise to crack some Linux vulnerability, when every 12-year-old kid can crack Windows? They go for the low-hanging fruit.'
>>>>Wrong again. The most recent version of Windows that is less secure than Mac OS is XP, and XP came out before anyone knew what a drive-by download was. You obviously don't know your tech history because, as suggested by your last few sentences, you're blaming MS for failing to address a problem that didn't even exist yet!
'On Windows, using admin rights was pretty much a requirement to get any program running. Granted, MS tried to change that with Vista, but they botched it, so badly that the end result has been less security, with people switching UAC off. This is a fundamental flaw of Windows, which requires admin rights to install anything that has to do with COM, which means basically every program.'
>>>>This is typical of a Mac user. You're treating Windows as if it were your own platform, with a single point of failure... authentication. In case you haven't been following Pwn2Own, authentication doesn't mean much. Linux may have extra layers of security, depending on what distro you run. But Mac OS only has authentication, which is equivalent to "Run as" from a limited user account in XP. And limited user accounts are easily pwned, as is the Mac.
Security researchers call Mac OS "easy pickings," and have successfully pwned it each year within minutes on day 2 of the competition. Vista wasn't compromised until day 3 last year, and Windows 7 beta was taken two months before Microsoft debuted its newest addition to the highly successful duo of NX and ASLR, Safe Unlinking. Even if the user were to turn UAC all the way off, Windows 7 RTM would likely still be harder to pwn than Vista itself, which in turn is still more inherently secure than OS X.
You're not getting into much detail. You seem to be doing little (if any) research on your own, and are instead trusting blindly in everything a fellow Mac fundamentalist tells you (likely because it's all you wanted to hear), while all shields are up against anything pro-Windows that anyone else might have to say. You'd do well to start doing your homework and get current on things before being so declarative from atop your soap box in the sand dunes; you look pretty silly when you fall flat on your face like this. Here's some light reading to get you started:
http://securitywatch.eweek.com/apple/mac_hacked_via_safari_browser_in_pwn2own_contest.html
http://www.darknet.org.uk/2008/03/mac-owned-on-2nd-day-of-pwn2own-hack-contest/
http://blogs.zdnet.com/security/?p=2917
http://it.toolbox.com/blogs/securitymonkey/mac-os-x-local-user-exploit-appears-12026
http://www.linuxtoday.com/news_story.php3?ltsn=2009-04-17-030-35-SC-SW
http://blogs.computerworld.com/why_windows_is_safer_than_the_mac
http://blogs.zdnet.com/hardware/?p=533&tag=rbxccnbzd1
I had to make an account just to say that >.<
Maybe we should just cut them off until they start prosecuting their internet criminals properly so this doesn't happen.
[CNET editors' note: URL removed]
Boo for your spam link.
i have two words to say
proxy and satellite
hackers are much much smarter than the average computer geek. they would just hook the computers to the internet in another country. most likely in AMERICA
This has nothing to do with "hackers". The people who create the botnets aren't hackers. They are run-of-the-mill criminals. All they have to do is run some scripts. The scripts do all the work for them. Any 12-year old kid can do that.
The people who run these unsecured Windows machines are making it very easy. It is like keeping your front door open and have a sign on the lawn saying "open door, come in."
Mark Stoltz, Toronto Ontario, Canada
These things are a fact of life now. It's not going to go away, unless everybody would stop using Windows (and how likely is that?)
But you can make a start, by throwing out that Windows POS and install a real OS. There are lots of alternatives out there.
Marcelo Gengosa
www.gengosa.com
Official Content Solution Inc.
involved in politics!
A friend of mine was at that war, when Georgia attacked South Ossetia. He made some photos and wrote an article, but it wasn't published because some guys from Washington DC didn't want this. And what do you think is next? He has found his photos on many sites and has seen them on TV as proof that Russia brought on the war. SO *** IS THIS??? DEMOCRACY??
Our politicians are playing silly games, they feed us **** and want us to believe in everything they say.
It'll be a year after that war, and Georgia wants us (the western world) again to believe in that ******* **** they've made.
South osetia was a part of georgia and, georgia's goverment decided to return them by force, of course with help of US , because they said that it was war for the democracy... oh yeah???
They crushed people by tanks for the democracy? bunch of ******* politics wants us to obey them, so ******* them all, if you want to know the truth you have to go there and ask people how it was.
have no time to write properly, just a few minutes for a break and back to work! .. will return soon...
- by aazippo1 August 7, 2009 5:26 AM PDT
- I think it's safe to assume this guy really ticked someone off!