If IPs for X cyberattack emerge in Ukraine, what does it mean about the origin of attack?
Elon Musk told Fox News that the cyberattack on X showed IP addresses which originated from Ukriane. We take a look at what the experts argue about the origin of IP addresses and what it means about where the attack came from.
Tech billionaire Elon Musk on March 10 claimed that his social media platform X (formerly known as Twitter), was under a massive cyberattack. In a post he emphasised that this attack was significant, writing: “We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved. Tracing …”
Then, speaking to Fox Business Network the same day, Elon Musk told the channel that the cyberattacker's IP addresses had been “traced” to Ukraine. He did not elaborate or give other details.
So, we see what experts feel about the issue if IP addresses were traced back to Ukraine… does that mean the disruption originated from Ukraine?
X Down, IPs Traced to Ukraine: What Do Experts Say?
According to an AP report, cybersecurity experts dismissed the idea that tracing the IP address meant you had found the definitive source of the attack. They pointed out that IP addresses don't necessarily indicate the origin of an attack.
Writing on social media platform Bluesky, security researcher Kevin Beaumont said that Elon Musk's claim about the Ukraine origin is “missing a key fact — it was actually IPs from worldwide, not just Ukraine.”
Beaumont noted that the cyberattack was conducted using the Mirai variant botnet, which uses compromised cameras. From his expertise, speaking about who is likely behind the attack, he pointed to teens saying, “Smells of APTs — advanced persistent teenagers.”
Does IPs Being Traced to Ukraine Mean the Cyberattack Originated in Ukraine?
The AP report also cited Allan Liska from cybersecurity company Recorded Future, who cast doubt that IP addresses pin point origin. He said that even if “every IP address that hit Twitter today originated from Ukraine (doubtful), they were most likely compromised machines controlled by a botnet run by a third party that could be located anywhere in the world.”
Further, Nicholas Reese, an adjunct instructor at the Center for Global Affairs in New York University’s School of Professional Studies and expert in cyber operations told AP the possibility of definitively verifying Elon Musk's claims without technical data from X is “pretty low”. He also noted that a state actor being behing the disruption “doesn't make a lot of sense” as the attack lasted a few short hours.
Reese explained to AP, “There are kind of two types of cyberattacks — there are ones that are designed to be very loud and there are ones that are designed to be very quiet. And the ones that are usually the most valuable are the ones that are very quiet. Something like this was designed to be discovered. So to me that almost certainly eliminates state actors. And the value that they would have gained from it is pretty low.”
Background: What Happened?
Users on X began complaining about being unable to access the site from around 6 am ET in the US, with reports of outtages surging to over 40,000 at 10 am, as per data on tracking website Downdetector. By noon, the reports dropped to the “low thousands”, the AP report noted.
(With inputs from AP)
Stay updated with the latest developments on Operation Sindoor and India-Pakistan conflict . Get breaking news and key updates here on Mint!