Feeds

DNS attack hijacks Twitter

#wtf

Secure remote control for conventional and virtual desktops

A DNS hijacking attack left Twitter temporarily affected for about an hour early on Friday.

The initial attack has left many users scratching their heads while spreading the belief that Twitter's servers themselves were commandeered by hackers in the name of the "Iranian Cyber Army".

Not so.

It now seems that Twitter's DNS records were altered. That means surfers trying to reach the website directly via name resolution services were thrown over towards a fake domain, while the site itself and micro-blogging applications that plugged into Twitter's API - such as TweetDeck or mobile phone apps - were unaffected by the attack.

A status message on Twitter's blog explains:

As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.

Rik Ferguson, a security consultant at Trend Micro, explained that this type of DNS hijacking usually involves compromising the systems at the registrar responsible for the DNS records of the victim company before altering the relevant DNS records, in a blog posting here.

"These changes mean that when you or I type a web site address into our browsers, we are directed not to the real web site but to a second site, set up by the hackers, in this case the 'Iranian Cyber Army'," Ferguson writes. "This has the net effect of making it look like, in this example, servers belonging to Twitter were compromised when in reality that was not the case.

"These sorts of attacks are usually limited to hacktivism activities like this one today, but imagine the potential to criminals if they could pull this off against any site requiring log in credentials, such as PayPal, eBay, MSN, Facebook," he added.

Twitter was far from the only web site affected by the compromise. Other less high-profile sites also displayed the content posted by the previously unknown Iranian Cyber Army.

The attack against Twitter and other web sites follows a spate of attacks against registrars over the last month or so, according to defacement archive Zone-h.

Surfers getting hijacked more commonly arises as the result of malware on client PCs, but the latest run of attacks shows that compromised DNS records can also be a problem. "Companies should be monitoring their DNS resolution on several servers to become aware as early as possible when this kind of attack takes place," Ferguson advised. ®

Beginner's guide to SSL certificates

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?