Why Twitter went down

There’ve been a lot of theories flying around about why Twitter and other services went down yesterday. I’ve heard rumors about it being linked to political tension between Georgia and Russia, others blame Iran for the outages.

Anyone who’s saying where the attack is coming from can only base their conclusions on pure speculation. There is no real data to prove who’s behind it, and if there would be any clue about the origins of this attack, it would be in the access logs on the victim servers.

It doesn’t really make sense for *any* government to launch such a DDoS attack just to silence somebody, anybody. An attack can last from a few minutes to a few hours – and after that what? Everything is back to normal, all communications are possible again. Personally, I don’t see any advantage that a government would achieve by disrupting access to Twitter or Facebook for 2 or 3 hours.

The only thing that I’m sure is going to happen after these incidents is that Twitter will gain even more popularity as a result. Everybody’s talking about it, the story is all over the news, all over the world – so the only thing that will happen is that Twitter will be even more popular after this.

UPDATE: We’ve been contacted by quite a few journalists asking about this case, and about Cyxymu – some commentators believe the attack was directed against him. With regard to individuals, I’m sure that governments or intelligence agencies have more direct and efficient methods for silencing somebody, if that was the case. DDoS-ing social networks doesn’t make sense, it is like using a tank to kill a mosquito.

Also, it’s worth noting that Cyxymu only had about 100 followers on Twitter when the attacks started – so I am wondering how big his influence really was to even consider him as the root cause of the DDoS attacks.

People will always be in love w ith conspiracy theories. It would be nice after incidents like this if everyone put the energy they have into securing systems, rather than generating more hot air.

Why Twitter went down

Your email address will not be published. Required fields are marked *



The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox