Date: 2025-03-11

Tech oligarch Elon Musk has drawn criticism from cyber security experts following unsubstantiated claims that Ukraine was behind an apparent distributed denial of service (DDoS) attack on his social media platform, X, formerly known as Twitter.

Musk, who currently heads the US government’s Department of Government Efficiency (Doge) that has fired thousands of federal workers, accused the Ukrainian government of being behind the incident that brought down X services for many users on Monday 10 March. Speaking to the Fox Business news channel, he claimed a “massive cyber attack” targeting X appeared to have originated from IP addresses located in Ukraine.

The incident came amid a serious deterioration in relations between Ukraine and the US, and just days after US Cyber Command, the country’s military offensive and defensive cyber unit, suspended offensive operations against Russia in a significant climbdown.

Ukrainian officials were quick to refute the suggestion Kyiv was behind the cyber attack, and in conversation with the BBC, former National Cyber Security Centre head Ciaran Martin described Musk’s accusations as unconvincing and “pretty much garbage”.

Martin told the BBC he would be hard-pressed to think of an organisation of X’s scale that has been so badly impacted by such an incident in recent years and suggested the incident did not paint a good picture of the platform’s wider cyber resilience.

In a DDoS attack, malicious actors bombard a server with junk web traffic to overwhelm it, forcing it offline and leaving legitimate users unable to access it.

Such crude forms of cyber attack are well-known and relatively common – they frequently form a key element in hacktivist actions thanks to their accessibility, which at first glance lends a certain element of credibility to Musk’s claims.

However, DDoS attacks are launched via geographically dispersed networks of computers and other devices that have been co-opted into botnets without their owners’ knowledge or consent. This makes it very hard to accurately locate the individuals responsible for them.

Tom Parker, cyber security author and chief technology officer (CTO) at NetSPI, said the magnitude of the attack did strongly suggest the involvement of a sophisticated threat actor but it was important to understand that accurately attributing DDoS incidents is “notoriously difficult”.

“Such adversaries are highly adept at concealing their tracks. We must be extremely cautious about pointing fingers and sabre rattling without clear and compelling evidence to demonstrate capability, motive, and likely benefit for the party involved,” Parker told Computer Weekly.

“Despite recent events, I do believe Ukraine is still seeking to foster a more positive relationship with the US, which would make it unlikely that the claims of Ukrainian involvement are well-grounded. Rather, the scenario appears to align more with a ‘false flag’ operation deliberately crafted to implicate Ukraine.

“As we often see in these complex situations, the most straightforward explanation isn’t always correct, and drawing conclusions prematurely can lead us astray,” he said.