Speculation about DDoS attack on Twitter
Perhaps the most interesting aspect of the popular Twitter microblogging service being unavailable for several hours yesterday is the possible cause: apparently, it wasn't the usual botnet attack.
At least part of the increased load that brought Twitter to its knees was apparently generated by a wave of spam emails with links to Twitter, Facebook, LiveJournal, Blogger and YouTube. While the larger and more established web services could handle the extra traffic, Twitter had a hard time digesting all of it, causing its website and the API that powers various Twitter clients to go down for several hours.
The emails contained subjects including "Visit my Blog!" and said "Thanks for looking my Blog" with links to accounts from a political blogger using the online pseudonym "Cyxymu", the name of a town in the Republic of Georgia. The Russian-language blogger primarily reported on the conflict between Abkhaz and Georgian forces in the region.
Some media outlets are already calling it a targeted attack against Cyxymu. For example, CNET News cites Facebook's chief security officer Max Kelly as saying: "It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard." If this is true, then the attacks would seem to have had the opposite effect. The fact that the blogger and the conflict itself are now being actively discussed is not surprising, but does not explain the mechanics of the attack.
- Twitter starts filtering malware URLs, a report from The H.