Elon Musk’s claim that the DDoS attack on X (formerly Twitter) originated from Ukraine drew skepticism from cybersecurity experts, who argue that attributing attacks based on IP addresses is unreliable.
Attackers routinely use virtual private networks (VPNs) and other techniques to obscure their origins, which makes pinpointing a specific geographic source difficult.
On Monday, X was the target of a distributed denial-of-service attack that intermittently took the popular social media site down for users worldwide. The X DDoS attack was linked to Dark Storm Team, a notorious hacktivist group known for launching similar large-scale cyber disruptions.
Hours after the attack, Musk claimed during an interview with Fox Business that the IP addresses associated with the attack originated in the Ukraine area.
Tech-savvy users on X quickly pointed out that IP addresses can be masked or spoofed, making traffic appear to originate from one region when it actually comes from another.
Cybersecurity professionals also cautioned against drawing conclusions based solely on IP address data.
“If one were conducting a DDoS attack you wouldn’t necessarily see each connection originating from an IP address from a specific country or netblock,” Scott Renna, Senior Solutions Architect with blockchain security firm Halborn, told Decrypt. “By definition, the attack has to come from multiple IP addresses.”
Renna pointed out that attackers distribute their traffic across numerous locations to evade detection and mitigation efforts.
“From an optics perspective and a blocking and prevention standpoint, it’s just not how it’s typically done,” he said.
While the origins of the X attack remain a mystery, DDoS-as-a-Service websites are popping up to facilitate the launch of large-scale attacks. These websites let customers pay to launch DDoS attacks.
There are two main kinds of DaaS.
“Stresser” services are legitimate tools companies use to test and strengthen their IT infrastructure. “Booter” services are malicious platforms designed to disrupt or take down targeted systems.
Cybersecurity teams can use DDoS blackhole routing and geo-blocking to minimize the impact of DDoS attacks, which could have prevented the kind of attack that disrupted X this week.
Blackhole routing is an emergency measure that immediately drops all traffic to a targeted IP during an attack, but it also cuts off legitimate users, making it a temporary solution.
Geo-blocking restricts access from high-risk regions, reducing cyber threats without disrupting most users.
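To make the tradeoff between the two mitigations concrete, here is an added Python example (constructed sample traffic, not data from the X incident and not code from Halborn or Decrypt) that scores blackhole routing and geo-blocking by the share of attack traffic each drops versus the share of legitimate users it cuts off; it also shows why the country with the most attack sources is a weak basis for attribution when, as Renna describes, the sources are spread across many netblocks.

```python
from collections import Counter

# Constructed traffic sample: (source_country, destination_ip, is_attack).
# Attack sources are spread over many countries; legitimate users sit mostly in one or two.
TARGET = "203.0.113.10"  # the flooded service (documentation address range, assumed)
OTHER = "203.0.113.20"   # an unrelated service that would share a coarse null route's blast radius

SAMPLE = (
    [("UA", TARGET, True)] * 30 + [("DE", TARGET, True)] * 25 + [("BR", TARGET, True)] * 20
    + [("US", TARGET, True)] * 15 + [("JP", TARGET, True)] * 10
    + [("US", TARGET, False)] * 40 + [("GB", TARGET, False)] * 10 + [("UA", TARGET, False)] * 2
    + [("US", OTHER, False)] * 20
)


def top_source_country(traffic):
    """Naive attribution: the country with the most attack connections and its share of the flood."""
    counts = Counter(country for country, _, is_attack in traffic if is_attack)
    country, n = counts.most_common(1)[0]
    return country, n / sum(counts.values())


def blackhole(target):
    """Blackhole routing: every packet addressed to the target is dropped, whoever sent it."""
    return lambda country, dst: dst == target


def geo_block(countries):
    """Geo-blocking: drop traffic whose source geolocates to one of the listed countries."""
    blocked = set(countries)
    return lambda country, dst: country in blocked


def evaluate(traffic, policy):
    """Fraction of attack traffic a policy drops (good) and of legitimate traffic it drops (collateral)."""
    total_attack = sum(1 for *_, is_attack in traffic if is_attack)
    total_legit = len(traffic) - total_attack
    dropped_attack = sum(1 for c, d, is_attack in traffic if is_attack and policy(c, d))
    dropped_legit = sum(1 for c, d, is_attack in traffic if not is_attack and policy(c, d))
    return {"attack_dropped": dropped_attack / total_attack,
            "legit_dropped": dropped_legit / total_legit}


if __name__ == "__main__":
    country, share = top_source_country(SAMPLE)
    print(f"largest attack source: {country} at {share:.0%} of the flood")
    print("blackhole:", evaluate(SAMPLE, blackhole(TARGET)))
    print("geo-block top country:", evaluate(SAMPLE, geo_block([country])))
```

Running it shows the blackhole stopping all attack traffic but also most legitimate users of the target, while blocking the single most common source country stops less than a third of the flood.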
In April 2022, internet security provider Cloudflare successfully mitigated a massive DDoS attack targeting an unidentified cryptocurrency website that attempted to overwhelm the service with 15.3 million requests per second.
While services like Cloudflare excel at defending against cyber threats, Renna emphasized the importance of preparing for potential failures.
“Services like Cloudflare do a great job for businesses,” Renna said. “But it comes down to what happens when those fail.”
Edited by Sebastian Sinclair