Pro-Georgia blogger ‘George’ target of Twitter attack

Cyxymu's Twitter account was said by Facebook's security officer to be the target of Thursday's attack.
A blogger believed to be the target of the attack that brought down Twitter Thursday has told CNN the cyber assault was politically motivated and timed to coincide with the one year anniversary of the Russia-Georgia conflict.

“Cyxymu” has identified himself to CNN as “George,” and the owner of the Twitter, Facebook and LiveJournal accounts named by Facebook’s security officer as being the target of a co-ordinated online attack. George told CNN in an e-mail his username is “the name of my home town, the capital of Apkhazia (Sokhumi) written in Russian and typed in Latin letters.” He confirmed he is 34 years old and based in Tblisi, Georgia, but declined to give further information which may reveal his identity. George told CNN his blogposts may have “irritated” someone enough to incite a cyber attack. His recent posts include: “How Russia was preparing military agression (sic) against Georgia, how they were training soldiers and mobilizing military equipment, what kind of provocations were carried out by the separatists prior to the war.” “Seems somebody did not like such a chronicle of events,” he told CNN. “I was also writing about all reforms implemented in Georgia in recent times so that all people outside Georgia could have proper information.” He said the main purpose of his blogs was to promote the resumption of relations between the Abkhazian and Georgian people.

Don’t Miss
Twitter hit by denial-of-service attack

Georgia, South Ossetia trade jabs

“I assume the above-mentioned could irritate those who are the authors of the given cyber attack and who will never accept the idea of the United, independent, democratic and prosperous Georgia,” he said. Twitter — a micro-blogging site where users post 140-character messages to their followers — went down for around two hours Thursday. Twitter said the site’s blackout was caused by a “denial-of-service attack,” which likely means a hacker used a number of infected computers to send bad information to the site to overwhelm it. Facebook and LiveJournal, a blogging site, also experienced problems. In a statement, Facebook said the attack, “resulted in a short period of degraded site experience for some visitors. No user data was at risk and the matter is now resolved for the majority of users.” Facebook security officer Max Kelly told CNet news Thursday the attack was designed to silence an outspoken blogger known by the username, “cyxymu.” “It was a simultaneous attack across a number of properties targeting him to keep his voice from being heard,” Kelly told CNet. “We’re actively investigating the source of the attacks and we hope to be able to find out the individuals involved in the back end and to take action against them if we can.” The Georgian government has confirmed it’s investigating potential links between the attacks and the user in Tblisi, Georgia, according to Shota Utiashvili, head of the Department of Information and Analysis at the Ministry of the Interior. Although they had no details yet, the spokesman said there were suspicions that the attack may have come from Russia, but it will take “some more time” before they could reach any conclusions. The Interior Ministry could not confirm the user’s identity. Graham Cluley, senior technology consultant at computer security firm Sophos told CNN it was unlikely the attacker intended to cripple Twitter, or to cause widespread disruption. “I suspect that whoever did this didn’t really want to bring down the likes of Twitter and cause problems for those other sites, they just wanted that material off because they objected to what it was saying, perhaps for a political reason,” he said. Cluley said Thursday’s attacks started with a spamming campaign, called a “joejob,” which is designed to tar a victim’s online reputation by appearing to be the source of a wave of spam. “The first thing they did was they started spamming out e-mails, using his name, pointing to Web pages he has on those Web sites,” Cluely said. “Some people have speculated that the ‘denial-of-service’ happened after people received these e-mails and clicked on the links. But I think that’s poppycock. I don’t think many people would have clicked on the links. “I think that instead what happened is that whoever had a vendetta against it took it one stage further and decided to launch a ‘denial-of-service’ attack against his pages, hoping of course that the pages would be taken down and he’d been taken off these sites.” Cluely said “denial-of-service” attacks were reported last year when Russia deployed troops to South Ossetia to repel Georgian forces. “We saw a series of denial of service attacks coming both from Russia and from Georgia a year ago when the conflict took off.” Read more about recent conflict in the region “It’s not unusual now, when there’s a tense part of the world where there’s conflict happening, for hackers to take matters into their own hands and to take potshots like this,” he said. “But in this case, it looks like that collateral damage was all of Twitter.”