One morning in March, the global network has vacillated. In a few hours, the X platform froze before millions of users, unable to respond to connections. This is not the first time that a digital giant has been bending under a computer attack, but this time, silence has given way to a direct accusation. Elon Musk points to a Ukrainian origin, while experts multiply the hypotheses. Behind this cyber attack against X, the tracks are blurring between geopolitical conflicts, technical faults and digital manipulations.
Quickly, the owner of X, Elon Musk, spoke. According to him, it is not a simple technical incident but a coordinated attack, of an unprecedented scale. He evokes a massive cyber attack, saying that it would have been carried out using IP addresses “located in the Ukrainian region”. But this declaration, relayed by Fox Business, does not convince cybersecurity experts.
The first analyzes converge on a distributed, or DDOS denial attack. This technique consists in overloading a server with a massive flow of fraudulent requests, until it makes it inaccessible to legitimate users. A known process, often rudimentary, but which can do enormous damage when it is well orchestrated.
When geopolitics invites itself into cyber attack against X
By pointing to a Ukrainian origin, Elon Musk adds a geopolitical dimension to a first technical event. On X, he says that the authors of the attack had “important means”, suggesting that a state could be involved. This hypothesis, although spectacular, is not based on any tangible evidence.
As the world points out, DDOS attacks are often carried out using networks of infected machines distributed worldwide. The use of IP addresses in a given region therefore does not identify a responsible country. The former director of the National Cybersecurity Center of the United Kingdom, Ciaran Martin, recalls that the apparent provenance of an attack says nothing about its true author.
The case takes an even more troubled turn when a group named Dark Storm Team briefly claims the attack on Telegram, before removing its publication. This collective, recently appeared on the Cyber scene, says he supports the Palestinian cause and, according to Orange Cyberdefense, would have potential links with Russia. Difficult in this context to disentangle ideological motivations, opportunistic actions and political recovery.
Repeated vulnerable infrastructures
If the eyes turn to potential external enemies, some analysts prefer to question the internal flaws of X. Several independent experts point to the poor configuration of the platform servers, exposed too permissively to this type of attack. This lack of protection would have facilitated the saturation of the service.
The platform also undergoes, according to Elon Musk itself, daily attacks. What questions is the particular severity of that of March 10. For David Mound, from Security Scorecard, modern DDOS attacks have gained complexity. They now use sophisticated trafficking techniques, making classic protections ineffective.
In Wired columns, Shawn Edwards, cybersecurity expert at Zayo, stresses that attackers use compromise devices, VPNs or proxy networks to blur their origin. In the end, it becomes almost impossible to go up the chain. Each link adds a layer of opacity. Even with advanced tools, the identity of the sponsor remains out of reach.
Faced with this constant evolution of threats, specialists call to review the cybersecurity strategy of platforms in depth. A social network as central as X cannot be satisfied with a passive defense. Especially since DDOS attacks are increasingly used for blackmailing, sabotage or interference purposes.
