Security researchers aren't buying Musk's spin on the cyberattack that took down X

One time aft X went down for hours, information researchers are throwing acold h2o connected Elon Musk’s nationalist comments astir who mightiness beryllium down the DDoS attack. On Monday, arsenic X was inactive struggling to stay online, Musk said successful a station that the tract had been brought down by a “massive cyberattack” executed by “a large, coordinated radical and/or a country.” Later that day, successful an interrogation with Fox News, helium said the onslaught progressive "IP addresses originating successful the Ukraine area."

He ne'er provided grounds for either claim. But, successful a caller study from Wired, information researchers offered a precise antithetic presumption connected the attack. Security experts interviewed by the work said that they had seen small grounds that Ukrainian IP addresses played a important relation successful the DDoS attack, with 1 researcher saying the state wasn’t adjacent successful the apical 20 countries of root involved.

The study besides suggests that, contempt Musk’s assertion determination were “a batch of resources” involved, X whitethorn person inadvertently near its systems susceptible to a DDoS onslaught similar the 1 that happened Monday. “X root servers, which respond to web requests, weren't decently secured down the company's Cloudflare DDoS extortion and were publically visible,” Wired writes. “As a result, attackers could people them directly. X has since secured the servers.”

Notably, this wouldn’t beryllium the archetypal clip Musk has blamed an unspecified “cyberattack” erstwhile faced with an embarrassing nonaccomplishment of X’s systems. Last year, Musk blamed a “massive DDoS attack” for crashing a planned livestream with Donald Trump, who was moving for president astatine the time. Musk ne'er explained however a DDoS onslaught could bring down lone 1 diagnostic connected the site. The Verge later reported that determination had been nary specified attack.

X didn’t respond to a petition for comment.