Elon Musk has sparked backlash from cybersecurity experts after he claimed, without solid proof, that Ukraine was behind a recent DDoS attack on his social media platform, X, previously known as Twitter. On March 10, the platform experienced significant outages, which Musk attributed to a “massive cyber attack” from IP addresses linked to Ukraine. This accusation came during a tense time for US-Ukrainian relations and shortly after US Cyber Command had paused its offensive operations against Russia.
Ukrainian officials quickly denied Musk’s claims. Ciaran Martin, the former head of the UK’s National Cyber Security Centre, criticized Musk’s assertion as unconvincing, labeling it “pretty much garbage.” He pointed out that X’s struggles with such an attack reflect poorly on its overall cybersecurity strength.
DDoS attacks work by overwhelming a server with unwanted traffic, rendering it inaccessible to users. These attacks are especially popular among hacktivists because they’re easy to carry out and hide the identities of the perpetrators. Experts like Tom Parker, a cybersecurity author and CTO at NetSPI, emphasize how challenging it is to accurately trace the origins of DDoS attacks. They note that attackers often use networks of compromised devices, making it difficult to pinpoint responsibility.
Parker added that while the scale of the attack suggests it could involve sophisticated actors, we should avoid jumping to conclusions without substantial evidence. He believes Ukraine is likely interested in maintaining a positive relationship with the US, casting doubt on the likelihood of official involvement. He suggested the possibility of a “false flag” operation aimed at implicating Ukraine.
Adding fuel to the fire, the pro-Palestinian hacktivist group Dark Storm Team took credit for the attack. They characterized their actions as a peaceful protest on Telegram, indicating that similar attacks may continue.
Cybersecurity advisor Jake Moore explained that DDoS attacks allow perpetrators to target websites without penetrating the core systems, enabling them to remain hidden. He noted that as threat actors evolve, they increasingly utilize a broader range of devices, complicating defenses against such attacks. Moore concluded that given the high profile of X, it remains a prime target for these types of disruptive actions.