So what exactly happened here, well if it does turn out to be a DNS attack, which seems likely at the point. Don't think that one of Twitters massive well secured servers has been attacked and hacked onto because it hasn't. As I have mentioned in an early post on DNS hacking, the attackers have actually picked a softer target and in reality a much more effective one. Twitters DNS records are the way you get directed to the Twitter site. When you type in www.twitter.com, DNS records tell you which IP address you are sent to, obviously when everything is working properly this should be the IP address of the Twitter servers.
Here's the latest update from the Twitter site at the time of writing
"Twitter's DNS records were temporarily compromised but have now been fixed. We will update with more information soon," the company posted at about 2:30 a.m. ET Friday.
But if someone compromises your DNS records all your visitors never actually go to your site they just get sent to an alternative server. This is exactly the same as many countries use DNS to censor the Internet - including many Scandanavian countries - read my post on DNS Censorship for more details. It is an attack on the Internet infrastructure, not just the Twitter sites. It is also why it took a little longer to sort out, the first things the techies at Twitter would have noticed about the attack was a huge drop in traffic as everyone was redirected somewhere else.
This is in my opinion the really scary side of a DNS attack, the fact that the target servers are not even touched, people are just misled and redirected to another site. In this case all we got was some rant by a group calling themselves the Iranian Cyber Army.
But there are much more dangerous things that could have happened.
Imagine if the redirected site had been a copy of the Twitter Logon page that logged all the username and accounts? Very simple to do and how many usernames and passwords could it have harvested in even an hour or so from Twitter? I don't know much about Twitter itself and what would have been put at risk, at the very minimum a whole load of personal information gold for Identity thieves.
But you can also guarantee that a large proportion of those Twitter usernames and passwords would also have been used for banking sites, paypal, Ebay, shopping accounts and thousands of other sites. The reality is that these attacks illustrate the huge risks we are at online, when someone puts together a criminal motive rather than a political rant and combines it with a proper technical attack like this, the consequences could be enormous. I do hope all the Banks have secured their DNS records properly.