On Monday, the social media platform X experienced disruptions. Its owner, Elon Musk, claimed that a "massive cyberattack" had been carried out from Ukrainian IP addresses. However, cybersecurity experts argue that it doesn't work that way, as reported by WIRED.
Researchers who monitored the incident believe it was most likely a DDoS attack. They identified five separate attacks of varying duration on X's infrastructure. The internet analytics team at Cisco's ThousandEyes stated:
"During the disruptions, ThousandEyes observed network conditions typical of a DDoS attack, including significant traffic loss, which hindered users from accessing the application."
DDoS attacks are carried out through botnets, large networks of compromised devices that flood servers with requests, overwhelming them. These attacks are typically distributed globally, generating traffic from many different IP addresses, and can feature mechanisms that make it difficult to pinpoint the actual source of control.
An IP address by itself is not convincing evidence, said Sean Edwards, director of security at Zayo. Musk, for his part, did not provide proof of whether IP addresses from Ukraine were actually identified.
"Attackers often use compromised devices, VPNs, or proxy networks to hide their true origin," said Edwards.
Analysis of DDoS attacks can break down malicious traffic in various ways, including by identifying the countries with the highest number of IP addresses involved. However, an anonymous researcher from a well-known company stated that Ukraine wasn't even in the top 20 sources of IP addresses involved in the attacks on X.
Even if Ukrainian IP addresses were involved in the attacks, many researchers believe that fact alone is not noteworthy.
"From IP data, we can infer the geographic distribution of traffic sources, which can give us an idea of the botnet's composition or the infrastructure used," said Edwards from Zayo. "However, we can't confidently determine the true identity or intentions of the attacker."
Newsweek reported that the pro-Palestinian hacker group Dark Storm Team claimed responsibility for the attack.