Feeds

DNS attack hijacks Twitter

#wtf

Top three mobile application threats

A DNS hijacking attack left Twitter temporarily affected for about an hour early on Friday.

The initial attack has left many users scratching their heads while spreading the belief that Twitter's servers themselves were commandeered by hackers in the name of the "Iranian Cyber Army".

Not so.

It now seems that Twitter's DNS records were altered. That means surfers trying to reach the website directly via name resolution services were thrown over towards a fake domain, while the site itself and micro-blogging applications that plugged into Twitter's API - such as TweetDeck or mobile phone apps - were unaffected by the attack.

A status message on Twitter's blog explains:

As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.

Rik Ferguson, a security consultant at Trend Micro, explained that this type of DNS hijacking usually involves compromising the systems at the registrar responsible for the DNS records of the victim company before altering the relevant DNS records, in a blog posting here.

"These changes mean that when you or I type a web site address into our browsers, we are directed not to the real web site but to a second site, set up by the hackers, in this case the 'Iranian Cyber Army'," Ferguson writes. "This has the net effect of making it look like, in this example, servers belonging to Twitter were compromised when in reality that was not the case.

"These sorts of attacks are usually limited to hacktivism activities like this one today, but imagine the potential to criminals if they could pull this off against any site requiring log in credentials, such as PayPal, eBay, MSN, Facebook," he added.

Twitter was far from the only web site affected by the compromise. Other less high-profile sites also displayed the content posted by the previously unknown Iranian Cyber Army.

The attack against Twitter and other web sites follows a spate of attacks against registrars over the last month or so, according to defacement archive Zone-h.

Surfers getting hijacked more commonly arises as the result of malware on client PCs, but the latest run of attacks shows that compromised DNS records can also be a problem. "Companies should be monitoring their DNS resolution on several servers to become aware as early as possible when this kind of attack takes place," Ferguson advised. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.