How DDoS Attackers Took Down Elon Musk's X


Users of the social media platform faced intermittent outages throughout Monday, which Musk blamed on a "large, coordinated group" or country waging a "massive cyberattack". He didn't provide any additional specifics to bolster his claim.

Jerome Meyer, security researcher with Nokia Deepfield, a business unit within Nokia, said X had been targeted in a distributed denial-of-service attack, or DDoS, which floods a website with traffic and forces it offline. Meyer said he was able to track the attack by reviewing data collected through Nokia's Deepfield, which is deployed inside telecommunications companies and provides analytics and DDoS protection.

The waves of traffic targeted particular "origin servers", which process and respond to incoming internet requests, he said. Those servers were vulnerable to attack because it appears they weren't shielded behind technology that blocks DDoS attacks, Meyer said. They "should not be exposed on the internet", said Meyer, who added that one of the servers attacked on Monday was still isolated and vulnerable to attack on Tuesday morning.

"If X's origin servers were exposed or lacked adequate filtering, that would be a fundamental security oversight," he said. Protecting origin servers is a well-established best practice for any large-scale web service, Mound said.
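The origin-shielding practice described above can be audited mechanically. The following is an added example, not code from the article, X or Nokia: it flags ingress rules that let web traffic reach an origin server from anywhere other than a DDoS-protection provider's address ranges. The provider ranges, the rule list and the function names are constructed assumptions that use documentation-only address prefixes.

```python
import ipaddress

# Constructed sample data (assumption): documentation-range prefixes standing in
# for the address ranges a DDoS-protection provider forwards clean traffic from.
SCRUBBING_RANGES = [ipaddress.ip_network(c)
                    for c in ("198.51.100.0/24", "2001:db8:100::/48")]
WEB_PORTS = {80, 443}

# Constructed ingress rules for a hypothetical origin: (source CIDR, port, action).
ORIGIN_RULES = [
    ("198.51.100.0/25", 443, "allow"),      # inside the provider range: shielded
    ("0.0.0.0/0", 443, "allow"),            # whole internet: origin is exposed
    ("203.0.113.0/24", 80, "allow"),        # other network: bypasses filtering
    ("0.0.0.0/0", 22, "allow"),             # not a web port, out of scope here
    ("2001:db8:100:1::/64", 443, "allow"),  # inside the provider IPv6 range
    ("0.0.0.0/0", 80, "deny"),              # deny rules expose nothing
]

def is_shielded(source_cidr, allowed=SCRUBBING_RANGES):
    """True only if every address in source_cidr lies inside a provider range."""
    net = ipaddress.ip_network(source_cidr, strict=False)
    # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def exposed_rules(rules, allowed=SCRUBBING_RANGES, ports=WEB_PORTS):
    """Return (source, port) for allow rules that reach web ports directly.

    Simplification: each allow rule is treated as effective on its own;
    first-match ordering against deny rules is not modelled.
    """
    findings = []
    for source, port, action in rules:
        if action != "allow" or port not in ports:
            continue
        if not is_shielded(source, allowed):
            findings.append((source, port))
    return findings

if __name__ == "__main__":
    for source, port in exposed_rules(ORIGIN_RULES):
        print(f"origin reachable directly: {source} -> port {port}")
```

A source range that is only partly inside the provider's ranges is reported as exposed, because the check requires the whole range to be covered.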

Musk suggested in a Fox Business interview on Monday that his company had traced IP addresses to the "Ukraine area". However, cybersecurity experts have cast doubt on that claim.