Twitter DNS Hacked by the Iranian Cyber Army

Now I’ve never been one for Twitter, but believe some of you are rather fond of it, but today it’s rather interesting, because Twitter was hacked. People trying to access the site today where greeted with this new web page from the Iranian Cyber Army.

Now I’m not sure who the Iranian Cyber Army are at the moment, but I’ve heard a few quips online that they probably only have a couple of Commodore 64s and a broken ZX81.   But unlike the last Twitter attack which was a DDOS (Distributed Denial of Service) attack, this one was directed at the Twitter DNS records.  To be perfectly honest it could indeed have been achieved on a Commodore 64 !  It is also rather interesting that Twitter is not liked by the Iranian Government mainly because protestors where using it to communicate  during the recent unrest.

So what exactly happened here, well if it does turn out to be a DNS attack, which seems likely at the point.  Don’t think that one of Twitters massive well secured servers has been attacked and hacked onto because it hasn’t.  As I have mentioned in an early post on DNS hacking, the attackers have actually picked a softer target and in reality a much more effective one.  Twitters DNS records are the way you get directed to the Twitter site. When you type in www.twitter.com, DNS records tell you which IP address you are sent to, obviously when everything is working properly this should be the IP address of the Twitter servers.

Here’s the latest update from the Twitter site at the time of writing

“Twitter’s DNS records were temporarily compromised but have now been fixed. We will update with more information soon,” the company posted at about 2:30 a.m. ET Friday.

But if someone compromises your DNS records all your visitors never actually go to your site they just get sent to an alternative server.    This is exactly the same as many countries use DNS to censor the Internet – including many Scandanavian countries – read my post on DNS Censorship for more details.   It is an attack on the Internet infrastructure, not just the Twitter sites.   It is also why it took a little longer to sort out, the first things the techies at Twitter would have noticed about the attack was a huge drop in traffic as everyone was redirected somewhere else.

This is in my opinion the really scary side of a DNS attack, the fact that the target servers are not even touched, people are just misled and redirected to another site.  In this case all we got was some rant by a group calling themselves the Iranian Cyber Army.

But there are much more dangerous things that could have happened.  

Imagine if the redirected site had been a copy of the Twitter Logon page that logged all the username and accounts?  Very simple to do and how many usernames and passwords could it have harvested in even an hour or so from Twitter?   I don’t know much about Twitter itself and what would have been put at risk, at the very minimum a whole load of personal information gold for Identity thieves.

But you can also guarantee that a large proportion of those Twitter usernames and passwords would also have been used for banking sites, paypal, Ebay, shopping accounts and thousands of other sites.  The reality is that these attacks illustrate the huge risks we are at online, when someone puts together a criminal motive rather than a political rant and combines it with a proper technical attack like this, the consequences could be enormous.  I do hope all the Banks have secured their DNS records properly.