TZUTC: -0500   
   MSGID: 470.consprcy@1:2320/105 2c3ac22f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Who was really behind the massive X cyberattack? Heres what experts say about   
   Elon Musks claims   
      
   Date:   
   Sat, 15 Mar 2025 09:00:00 +0000   
      
   Description:   
   A large-scale cyberattack caused multiple X outages on Monday 10 March. But    
   is it really possible to identify where the attack originated?   
      
   FULL STORY   
      
   The social media platform X, formerly known as Twitter, suffered multiple   
   outages on Monday 10 March . Thousands of X users in both the US and the UK   
   reported being unable to access the website throughout the day.    
      
   Speaking to Fox Business , owner Elon Musk attributed the outages to a    
   massive cyberattack and claimed that IP addresses originating in the Ukraine   
   area were behind it.    
      
   With reported problems peaking at 40,000 on Downdetector, the scale of the   
   outage is not in any doubt. Its the most significant interruption of service   
   that the platform has suffered in years, with the effects of the outages   
   lasting for several hours.    
      
   But now the dust has settled, what exactly caused the outage? Here are the   
   original theories, followed by the thoughts of cybersecurity experts...   
      
   The claim: Ukraine-based hackers were behind the X cyberattack   
      
   In the aftermath of the X outage, question marks remain over its cause  and   
   who might be behind it.    
      
   Elon Musk took to X on Monday to share his belief that the attack had been   
   carried out with a lot of resources. He went on to claim that "either a    
   large, coordinated group and/or a country is involved", followed by his later   
   comments on Fox Business that it came from IP addresses originating in the   
   Ukraine area. There was (still is) a massive cyberattack against . We get   
   attacked every day, but this was done with a lot of resources. Either a    
   large, coordinated group and/or a country is involved. Tracing   
   https://t.co/aZSO1a92no March 10, 2025    
      
   The Hacking group Dark Storm Team briefly claimed responsibility for the   
   attack on Telegram, although the post was later deleted.    
      
   Amid the uncertainty and finger-pointing, weve pieced together a clearer   
   picture of what happened and deciphered Musks claims amid the ongoing   
   geo-political spat with President Volodymyr Zelensky.   
      
   The reality: it's impossible to pinpoint the real source of the X attack   
                     
   Analysts across the web are broadly united in their understanding that X   
   suffered a distributed denial-of-service ( DDoS ) attack on Monday. This is   
   traditionally quite a crude form of cyberattack. It floods a targets servers   
   with illegitimate traffic, overwhelming their capacity and preventing real   
   users from accessing the website in question.    
      
   Speaking to BBC Radio 4s Today program , Ciaran Martin  a professor at Oxford   
   Universitys Blavatnik School of Government and former head of the UK's   
   National Cyber Security Centre  described the technique as not that   
   sophisticated.    
      
   Some experts suggest otherwise. David Mound, Senior Penetration Tester at   
   third-party risk management platform Security Scorecard , said in a statement   
   that DDoS attack tactics have evolved dramatically. He pointed out that   
   attackers now distribute traffic across entire subnets.    
      
   That echoes comments from industry insiders elsewhere. Several experts have   
   highlighted that DDoS attacks are usually orchestrated using a battalion of   
   devices around the globe. Traffic tends to be generated from IP addresses   
   which are distributed across different regions, making it hard to pinpoint   
   exactly where the attack originated from.    
      
   Speaking to Wired , Shawn Edwards, chief security officer of Zayo, a network   
   connectivity firm, said that attackers frequently use compromised devices,   
   VPNs, or proxy networks to obfuscate their true origin.    
      
   As a result, its difficult to pinpoint the real source of an attack. Even if   
   traffic did come from IP addresses within a particular country, as Musk   
   suggested, that doesnt mean the cyberattackers were located in that country.   
   In the words of Professor Martin, it tells you absolutely nothing.   
      
   Incidentally, Wired also quoted an anonymous researcher who stated that none   
   of the top 20 traffic sources involved in the attack were located in Ukraine.   
   If correct, that would disprove Musks statement regarding Ukrainian hackers.   
   There appears to be no evidence behind his claim that IP addresses involved    
   in the attack originated in Ukraine. Even if they did, that alone would not    
   be proof that any group in the country was actually involved in the attack.    
      
   Thats not to say a state actor couldnt be involved. Mound made clear that   
   nation-state actors are also employing DDoS as part of broader cyber    
   influence and disruption campaigns, particularly in geopolitical conflicts.    
      
   Another question is how the attack was able to impact X so significantly.    
   DDoS attacks are relatively commonplace, with Musk himself posting on Monday   
   that X gets attacked every day. So why did this one bring down X? Musk is    
   keen to suggest that a heavily resourced group is behind it.    
      
   However, a number of independent analysts have identified that Xs servers    
   were not properly secured, leaving them publicly exposed to the attack. To   
   quote Professor Martin again, it doesn't reflect well on their cyber   
   security."    
      
   Cyber specialists are warning of an increase in the regularity and complexity   
   of DDoS attacks. In some cases, attackers are extorting businesses by   
   threatening prolonged downtime, says Mound. Others are threatening    
   politically motivated disruptions against governments, financial    
   institutions, and infrastructure providers.    
      
   Mound concludes: With attackers continually refining their techniques, a   
   proactive, adaptive security posture is essential to withstand modern DDoS   
   threats.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/computing/cyber-security/who-was-really-behind-the-m   
   assive-x-cyberattack-heres-what-experts-say-about-elon-musks-claims   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426