Social media network X suffered intermittent outages Monday, March 10, with Politico reporting the cyberattack “destabilized many features on the website, such as viewing posts and user profiles.” Owner Elon Musk reported that the platform was facing a “massive cyberattack,” posting, “There was (still is) a massive cyberattack against 𝕏. We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved. Tracing …”
Elon Musk later told the Fox Business channel, “We’re not sure exactly what happened, but there was a massive cyberattack to try to bring down the X system, with IP addresses originating in the Ukraine area.” However, pro-Palestinian group Dark Storm claimed responsibility for the attack on its Telegram channel within a few hours of the cyberattack being reported. Dark Storm has previously targeted Israeli hospitals, U.S. airports, government websites, and other critical infrastructure services, as reported by Sky News.
Musk’s statements and cybersecurity experts’ observations point to a distributed denial-of-service (DDoS) attack, in which the attacker floods a server with an overwhelming amount of internet traffic to bring down the website. In a DDoS attack, the origin of the IP addresses is largely irrelevant: The attacks come from “botnets,” networks of electronic devices spread across the world that direct the traffic to a targeted website.
“What Mr. Musk has said is wholly unconvincing based on the evidence so far. It’s pretty much garbage,” Ciaran Martin, a former chief executive of the United Kingdom’s cybersecurity agency, who now teaches at Oxford University, told the BBC on Tuesday morning. Martin said that IP addresses originating in Ukraine could mean some of those devices were from Ukraine, but “some of them will be from Russia, some will be from Britain, from the U.S., South America, everywhere. It tells you absolutely nothing.”
Despite Musk’s statement that “this was done with a lot of resources,” Wired reported that “independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, weren’t properly secured behind the company’s Cloudflare DDoS protection and were publicly visible.”
“While pro-Palestinian Dark Storm Team takes ownership over the attack, @elonmusk blames UA IP addresses. DDoS attacks typically don’t reveal their true source easily. Botnets use hijacked devices worldwide, and the IP addresses seen in the attack traffic are just those of the infected machines, not the masterminds,” Dmitry Budorin, CEO and Founder of Ukrainian cybersecurity firm Hacken, posted on X (@buda_kyiv).