Feeds

DNS attack hijacks Twitter

#wtf

Build a business case: developing custom apps

A DNS hijacking attack left Twitter temporarily affected for about an hour early on Friday.

The initial attack has left many users scratching their heads while spreading the belief that Twitter's servers themselves were commandeered by hackers in the name of the "Iranian Cyber Army".

Not so.

It now seems that Twitter's DNS records were altered. That means surfers trying to reach the website directly via name resolution services were thrown over towards a fake domain, while the site itself and micro-blogging applications that plugged into Twitter's API - such as TweetDeck or mobile phone apps - were unaffected by the attack.

A status message on Twitter's blog explains:

As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.

Rik Ferguson, a security consultant at Trend Micro, explained that this type of DNS hijacking usually involves compromising the systems at the registrar responsible for the DNS records of the victim company before altering the relevant DNS records, in a blog posting here.

"These changes mean that when you or I type a web site address into our browsers, we are directed not to the real web site but to a second site, set up by the hackers, in this case the 'Iranian Cyber Army'," Ferguson writes. "This has the net effect of making it look like, in this example, servers belonging to Twitter were compromised when in reality that was not the case.

"These sorts of attacks are usually limited to hacktivism activities like this one today, but imagine the potential to criminals if they could pull this off against any site requiring log in credentials, such as PayPal, eBay, MSN, Facebook," he added.

Twitter was far from the only web site affected by the compromise. Other less high-profile sites also displayed the content posted by the previously unknown Iranian Cyber Army.

The attack against Twitter and other web sites follows a spate of attacks against registrars over the last month or so, according to defacement archive Zone-h.

Surfers getting hijacked more commonly arises as the result of malware on client PCs, but the latest run of attacks shows that compromised DNS records can also be a problem. "Companies should be monitoring their DNS resolution on several servers to become aware as early as possible when this kind of attack takes place," Ferguson advised. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?