Georgia, Russia: Cyber Attacks on Blogger 'Cyxymu'

Global Voices Online
Sunday, August 9, 2009


A year ago, the Russo-Georgian war coincided with the 2008 Beijing Olympics, diverting some of the public attention from the peaceful sporting event. This week, cyber attacks on LiveJournal, Twitter and Facebook, targeting Tbilisi-based LJ/Twitter/Facebook user cyxymu, have added an extra dimension to the coverage of the first anniversary of the war - and even re-focused it to some extent.

Initially, the Russo-Georgian connection was not evident. On Aug. 6, LJ user mhwest posted this note (ENG) in the lj_maintenance LJ community, announcing that the blogging platform was "under attack":

Wonderful World of DDoS

As some of you may know, LiveJournal has been under attack this morning from 6:00am PST until ??? We have taken steps to mitigate the DDoS but some users may still experience site connectivity problems. [...]


This post has received over 250 comments, but there is only a handful of mentions of the geopolitical cause for the outages. Here is a sampling:

lavvyan - Aug. 6:

The Russians are coming!

No, wait...

[...]

nysidra - Aug. 7:

I remembered seeing this comment yesterday.

Just so you know, you were right. ^_^

Twitter's Meltdown: Blame the Russians


Also on Aug. 7, Eternal Remont quoted from a BBC piece (ENG), explaining the situation:

Yesterday, as blood poured down from the heavens, the seas boiled and the Earth was ripped apart because of the Denial of Service attack against Google, Twitter and Facebook (“OMG, I can’t tweet about the fact that Twitter is down!) we pondered one alluring possibility: is Russia involved?

Maybe. We do know that the disruption of all social networking on the planet was directed at one person:

BBC: "The massively co-ordinated attack on websites including Google, Facebook and Twitter was directed at one individual, a pro-Georgian blogger known as Cyxymu… Specifically, the person is an activist blogger and a botnet was directed to request his pages at such a rate that it impacted service for other users." [...]


And so, on the eve of the first anniversary of the war, LJ user cyxymu - whose nickname is a latinized version of the Russian spelling of Sukhumi, the capital of Abkhazia - became a celebrity of sorts.

Cyrillic LJ users - diana-ledi, taki-net, markgrigorian and many others - reported (RUS) not being able to publish posts and comments containing cyxymu's nickname.

His primary LJ blog and two backups - cyxymu1 and cyxymu2 - are currently inaccessible (some of his recollections, however, were translated by Global Voices' author Lyndon in Oct. 2007 and July 2008: The War in Abkhazia - ‘Cyxymu' Remembers, and Abkhazia, Georgia: "Home.”)

Cyxymu also has a Blogger blog, Twitter account, a public Facebook page, and a Facebook group with more than 750 members, created by someone else to support his cause.

Evgeny Morozov of the Foreign Policy's Net.Effect blog wrote (ENG) that he'd been "calling attention to CYXYMU's problems for months now, and this brought no results." Here is Evgeny's take on the recent cyber attacks:

[...] In short, I think that the current wave of attacks had one objective: to flesh attackers' cyber-muscles by revealing the kind of leverage that CYXYMU's detractors have on the Internet's most popular sites. Make no mistake: these attacks on Twitter and Facebook were NOT about silencing him down or thwarting the distribution of information that would Kremlin feel uncomfortable. [...]

If you carefully look at CYXYMU's Twitter account (most of it in Russian), you will see that there is really no information of ANY political significance there. He's been tweeting since late December 2008, produced 41 updates, and most of them had nothing to do with politics (here are some typical updates: "Summer is good!", "Life is great! I am recalling all the jokes about mothers-in-law", "Oh those bureaucrats").

This is definitely not the kind of stuff that threatens Kremlin. [...] His blog is also somewhat of a news hub: he has done an amazing job of keeping his followers in the loop as to what happens in Abkhazia and Georgia, the two regions that are not exactly in the center of media attention (even in Russia). He's definitely NOT the blogosphere's version of Anna Politkovskaia; it is his opinions and visibility - rather than his revelations - that have made him an important target.

Thus, I think that the attackers' real goal was humiliation, not censorship (however, more on the censorship part at the very end). A secondary goal was to generate awe-inducing headlines about Russia's cyberpower all over the Web; there is no better way to do it these days than to make Twitter inaccessible for a few hours. [...]


Ostap Karmodi wrote (RUS, link via LJ user drugoi) that "the attackers" would have probably thought twice before doing what they did if only they had been capable of foreseeing the outcome of their attacks:

[...] The result of yesterday's attack is that cyxymu, so disliked by some hackers, has become known to the whole world. The Spanish El Pais has written about him, and the French Liberation, and the German Spiegel, and the British Guardian, and the American Washington Post, and the Japanese Yomiuri. In short, all the main papers of the world. Some of them have even done short interviews with cyxymu. From now on, if a conflict between Russia and Georgia breaks out again, the world media will know who to talk to.

From now on, cyxymu's opinion on Russian politics will be interesting to the whole world - the opinion of a person who caused a crash of a hundred million accounts is always interesting.

The day before yesterday cyxymu was known to no more than ten thousand people. Today he is known to - what's the audience of the world media? 500 million? A billion? And most of these people sympathize with him - people do tend to sympathize with victims of mass persecution. [...]


Here is one of Evgeny Morozov's theories on who might be behind the attacks:

[...] The amateurization of cyberwarfare has been one permanent feature of virtually all recent cyber-attacks that somehow implicated Russia; it may be part of a broader Kremlin effort to "crowdsource" its defenses and offenses to groups of nationalistic vigilantes, not just in cyberspace. Thus, recent news reports suggest that Nashi, Kremlin's youth arm, will soon be recruiting up to 100,000 problematic teenagers to form ARMED militia units that would patrol the streets. It would make some sense if they also invest into units of "cyber-vigilantes" who would be patrolling cyberspace, particularly given the rising importance of the Internet in Russia's public life. [...]


And LJ user dolboeb felt, too, that "the recent initiative to create street 'militia units' in Russia" and the idea to attack cyxymu's blogs could have originated from the same source. He wrote (RUS):

[...] Indeed, why would the regime torture itself, trying to come up with some general anti-internet laws, the way the naive Kazakhs and the old-fashioned Chinese did, when a pack of patriotically-minded thugs is close at hand, ready to crash any service or resource [as soon as they are ordered to (or even without being ordered to)]. [...]


LJ user drugoi pointed in a slightly different direction in this very short and sarcastic post (RUS):

A request

Comrade [officer], I've written a post about The Beatles. Will you allow me to publish it? There's not a single word about Georgia in it. Will you please turn off your hurdy-gurdy for five minutes?


(The Beatles post (RUS) is here, by the way - it commemorates the 40th anniversary of the famous Abbey Road photo.)

No comments: