Twitter website struck by 'Iranian Cyber Army' hackers


A hacking group calling itself the "Iranian Cyber Army" pulled off a coup for about an hour earlier today, redirecting visitors to the Twitter website to a page containing a green flag and Arabic writing:

Twitter website hacked

Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than being designed to steal confidential information from users.

Of course, just because a message saying

This site has been hacked by Iranian Cyber Army

has been posted on a webpage does not necessarily mean that hackers from Iran are responsible for the defacement.

However, Twitter was widely used earlier this year by those wishing to share information about anti-government protests in the country, and rumours spread in July that planned maintenance on the site was delayed to allow Iranians to continue to share information from inside the country as citizen journalists commented on the controversial election result.

Another part of the message read:

The USA thinks they control and manage internet access, but they don't. We control and manage the internet with our power, so do not try to incite the Iranian people.

Biz Stone of Twitter has posted a brief blog entry explaining that Twitter's DNS records were compromised by an unauthorised party, meaning that anyone who tried to visit Twitter.com was instead taken to a third-party site.

Twitter tweets about DNS security issue

If that's right then it means that Twitter's own servers weren't necessarily breached by the hackers.

DNS records work like a telephone book, converting human-readable website names like twitter.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered twitter.com into your browser you were instead taken to a website that wasn't under Twitter's control.

Just imagine what could have occurred if they had pointed people to a phishing site posing as Twitter (designed to steal login names and passwords) rather than a political message.

The question now is how did the hackers manage to change the DNS records for twitter.com? Could it be that cybercriminals managed to guess the passwords used to secure access to the information, and log in as though they were the administrators of Twitter's DNS records?
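A changed lookup of the kind described above can be spotted from outside by comparing live DNS answers with a known-good record set. The following is an added example, not part of the original post: a Python check that parses resolver answers in the form printed by `dig +noall +answer` and reports drift. The zone name, name servers and addresses are constructed placeholders.

```python
"""Added example: detect DNS record drift against a known-good baseline."""

# Constructed baseline for a hypothetical zone (RFC 5737 documentation addresses).
BASELINE = {
    ("example.com", "NS"): {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    ("example.com", "A"): {"192.0.2.10", "192.0.2.11"},
}

# Constructed resolver output: the NS set is intact, the A record has changed.
OBSERVED = """\
example.com.      3600 IN NS ns1.dns-provider.example.
example.com.      3600 IN NS NS2.DNS-Provider.Example.
Example.COM.      30   IN A  203.0.113.66
; comment line
"""


def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata}}."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue  # skip comments, blank lines and malformed input
        name, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        records.setdefault((_norm(name), rtype), set()).add(_norm(rdata))
    return records


def find_drift(baseline, observed):
    """Return sorted (name, type, status, value) tuples for every mismatch."""
    alerts = []
    for key, expected in baseline.items():
        expected = {_norm(v) for v in expected}
        seen = observed.get(key, set())
        alerts += [(*key, "unexpected", v) for v in seen - expected]
        alerts += [(*key, "missing", v) for v in expected - seen]
    return sorted(alerts)


if __name__ == "__main__":
    for name, rtype, status, value in find_drift(BASELINE, parse_answers(OBSERVED)):
        print(f"ALERT {name} {rtype}: {status} {value}")
```

Run from several independent resolvers, a check like this flags a swapped A or NS record even when the organisation's own servers are untouched, which is the situation the post describes.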


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.