Security researchers aren't buying Musk's spin on the cyberattack that took down X

A new report in Wired suggests X may have left some of its servers unsecured.

One day after X went down for hours, security researchers are throwing cold water on Elon Musk’s public comments about who might be behind the DDoS attack. On Monday, as X was still struggling to remain online, Musk said in a post that the site had been brought down by a “massive cyberattack” executed by “a large, coordinated group and/or a country.” Later that day, in an interview with Fox News, he said the attack involved "IP addresses originating in the Ukraine area."

He never provided evidence for either claim. But, in a new report from Wired, security researchers offered a very different view on the attack. Security experts interviewed by the publication said that they had seen little evidence that Ukrainian IP addresses played a significant role in the DDoS attack, with one researcher saying the country wasn’t even in the top 20 countries of origin involved.

The report also suggests that, despite Musk’s assertion there were “a lot of resources” involved, X may have inadvertently left its systems susceptible to a DDoS attack like the one that happened Monday. “X origin servers, which respond to web requests, weren't properly secured behind the company's Cloudflare DDoS protection and were publicly visible,” Wired writes. “As a result, attackers could target them directly. X has since secured the servers.”

Notably, this wouldn’t be the first time Musk has blamed an unspecified “cyberattack” when faced with an embarrassing failure of X’s systems. Last year, Musk blamed a “massive DDoS attack” for crashing a planned livestream with Donald Trump, who was running for president at the time. Musk never explained how a DDoS attack could bring down only one feature on the site. The Verge later reported that there had been no such attack.

X didn’t respond to a request for comment.