A hacking group calling itself the “Iranian Cyber Army” pulled off a coup for about an hour earlier today, redirecting visitors to the Twitter website to a page containing a green flag and Arabic writing:
Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than being designed to steal confidential information from users.
Of course, just because a message saying
This site has been hacked by Iranian Cyber Army
has been posted on a webpage does not necessarily mean that hackers from Iran are responsible for the defacement.
However, Twitter was widely used earlier this year by those wishing to share information about anti-government protests in the country, and rumours spread in July that planned maintenance on the site was delayed to allow Iranians to continue to share information from inside the country as citizen journalists commented on the controversial election result.
Another part of the message read:
The USA thinks they control and manage internet access, but they don't. We control and manage the internet with our power, so do not try to the incite Iranian people.
Biz Stone of Twitter has posted a brief blog entry explaining that Twitter’s DNS records were compromised by an unauthorised party, meaning that anyone who tried to visit Twitter.com was instead taken to a third-party site.
If that’s right then it means that Twitter’s own servers weren’t necessarily breached by the hackers.
DNS records work like a telephone book, converting human-readable website names like twitter.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered twitter.com into your browser you were instead taken to a website that wasn’t under Twitter’s control.
Just imagine what could have occurred if they had pointed people to a phishing site posing as Twitter (designed to steal login names and passwords) rather than a political message.
The question now is how did the hackers manage to change the DNS records for twitter.com? Could it be that cybercriminals managed to guess the passwords used to secure access to the information, and log in as though they were the administrators of Twitter’s DNS records?
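As an added example (not part of the original post), here is a small baseline check of the kind a domain owner could run against resolver output to catch the record change described above, where the A record silently starts pointing somewhere the owner does not control. The domain, addresses, name servers and the dig-style answer text are all constructed placeholders.

```python
"""Compare observed DNS answers against the records the owner expects.

Added example: domain names, addresses and the captured answer section
below are constructed placeholders, not real records.
"""

# Constructed baseline: what the owner expects to be published for the zone.
EXPECTED = {
    "A": {"192.0.2.10", "192.0.2.11"},             # TEST-NET placeholders
    "NS": {"ns1.example.net.", "ns2.example.net."},  # placeholder name servers
}

# Constructed answer section in the shape of `dig +noall +answer` output:
# <name> <TTL> <class> <type> <rdata>
OBSERVED_ANSWERS = """\
example.com.  300  IN  A   203.0.113.66
example.com.  300  IN  NS  ns1.example.net.
example.com.  300  IN  NS  ns-rogue.placeholder.test.
"""

def parse_answer_section(text):
    """Group rdata values by record type, skipping lines that are not records."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue
        rtype, rdata = parts[3], " ".join(parts[4:])
        records.setdefault(rtype, set()).add(rdata)
    return records

def compare(expected, observed):
    """Return (type, problem, value) tuples for every deviation from baseline.

    'unexpected' = a value the owner never published (the hijack signal);
    'missing'    = a legitimate value that has disappeared.
    """
    alerts = []
    for rtype, want in expected.items():
        got = observed.get(rtype, set())
        alerts += [(rtype, "unexpected", v) for v in sorted(got - want)]
        alerts += [(rtype, "missing", v) for v in sorted(want - got)]
    return alerts

if __name__ == "__main__":
    for alert in compare(EXPECTED, parse_answer_section(OBSERVED_ANSWERS)):
        print("ALERT %s record %s: %s" % alert)
```

Running this periodically from an independent vantage point (not the authoritative servers themselves) gives an early warning that the lookup has been altered, which is the one-hour window that matters in an incident like this one.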