NEWS FROM THE LAB - Friday, August 7, 2009

Silence Cyxymu
Posted by Mikko @ 13:21 GMT

Last night we saw a massive attack on a Georgian blogger who goes by the name "Cyxymu".

The attack included at least these components:

  •  DDoS attack against Cyxymu's Twitter account (http://twitter.com/cyxymu)
  •  DDoS attack against Cyxymu's YouTube account (https://www.youtube.com/cyxymu)
  •  DDoS attack against Cyxymu's Facebook account (http://www.facebook.com/cyxymu)
  •  DDoS attack against Cyxymu's LiveJournal account (http://www.livejournal.com/cyxymu and http://cyxymu1.livejournal.com)
  •  DDoS attack against Cyxymu's Fotki account (http://public.fotki.com/cyxymu/)
  •  An e-mail "Joe Job" campaign against Cyxymu

The effects of some of these attacks are still visible. For example, LiveJournal and Facebook are still not accepting connections to Cyxymu's pages.



Here's an example of what the Joe Job e-mails looked like. They were not sent by Cyxymu although they look like it.


Launching DDoS attacks against services like Facebook is the equivalent of bombing a TV station because you don't like one of the newscasters. The amount of collateral damage is huge. Millions of users of Twitter, LiveJournal, and Facebook have been experiencing problems because of this attack.

Whoever is behind this attack, they had significant bandwidth available. Our best guess is that these attacks were done by nationalistic Russian hackers who wanted to silence a visible online opponent. While doing that, they've only managed to attract more attention to Cyxymu and his message.

Then again, Cyxymu himself simply comments in his Tweets that the attack was done by the Russian KGB.


We're unlikely to ever know the truth.

Updated to add: Added info that Cyxymu's Fotki account was under attack as well.

Updated to add: See the comments section for commentary from a person who worked at a radio station that was bombed…