What Really Happened With the DDoS Attacks That Took Down X
The social network X suffered intermittent outages on Monday, a situation owner Elon Musk attributed to a “massive cyberattack.” Musk said in an initial X post that the attack was carried out by “either a large, coordinated group and/or state.” In a post on Telegram, a pro-Palestinian group known as Dark Storm Team took credit for the attacks within a few hours. Later on Monday, however, Musk claimed in an interview with Fox Business Network that the attacks came from Ukrainian IP addresses.
Web traffic analysis experts who followed the incident on Monday were quick to stress that the type of attack X seems to have faced, distributed denial-of-service (DDoS) attacks, is launched by a coordinated group of computers, or botnet, that floods a target with junk traffic in an attempt to overwhelm it. Botnets are usually scattered around the world, generating traffic from geographically diverse IP addresses, and they can include mechanisms that make it difficult to determine where they are controlled from.
“It is important to admit that the IP attribution itself is not firm. Attacks often use compromised devices, VPNs or proxy networks to disguise their true origin,” says Sean Edwards, chief security officer of the network links company Zayo.
X did not return Wired's requests for comment on the attacks.
Numerous researchers tell Wired that they observed five distinct attacks of varying lengths against X's infrastructure, the first beginning early on Monday morning, with the last burst on Monday afternoon.
The internet intelligence team at Cisco’s ThousandEyes tells Wired in a statement: “During the interruptions, ThousandEyes observed network conditions that are characteristic of a DDoS attack, including significant traffic loss conditions that would prevent users from reaching the application.”
DDoS attacks are common, and almost all modern internet services experience them regularly and must actively protect themselves. As Musk himself said on Monday, “We get attacked every day.” Why, then, did these DDoS attacks cause interruptions for X? Musk said it was because “this was done with a lot of resources,” but the independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, were not properly secured behind the company’s DDoS protection and were publicly visible. As a result, the attackers could target them directly. X has since secured the servers.
“The botnet directly attacked the IP and a bunch of this subnet yesterday. It’s a botnet of cameras and DVRs,” says Beaumont.
A few hours after the final attack ended, Musk told Fox Business presenter Larry Kudlow in an interview: “We’re not sure what exactly happened, but there was a massive cyberattack to try to take down the X system with IP addresses originating from the Ukraine region.”
Musk has mocked Ukraine and its president, Volodymyr Zelensky, repeatedly since Russia invaded its neighbor in February 2022. A major donor to President Donald Trump's campaign, Musk now heads the so-called Department of Government Efficiency, or DOGE, which has razed the US federal government and its workforce in the weeks since Trump’s inauguration. Meanwhile, the Trump administration has recently warmed its relations with Russia and moved the United States away from its many years of support for Ukraine. Musk has already been involved in these geopolitics in the context of a different company he owns, SpaceX, which operates the satellite internet service Starlink that many Ukrainians rely on.
DDoS traffic analysis can break down the firehose of traffic in various ways, including by listing the countries that had the most IP addresses involved in the attack. But a researcher from a prominent company, who requested anonymity because they were not authorized to talk about X, noted that they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the X attacks.
If Ukrainian IP addresses did contribute to the attacks, numerous researchers say that fact in itself is not remarkable.
“What we can conclude from the IP data is the geographical distribution of traffic sources, which can give an idea of the composition of the botnet or the infrastructure used,” Zayo's Edwards says. “What we cannot conclude for sure is the actual identity or intention of the perpetrator.”
Additional reporting by Zoë Schiffer.