As has been reported in a variety of sources today, the popular social networking site Twitter was hacked yesterday, apparently by a group calling itself the “Iranian Cyber Army.”
The site reportedly was unreachable starting at about 10:00 p.m. Thursday, for a period that lasted almost an hour.
Multiple reports have identified the nature of the attack as being against Twitter’s DNS records, rather than against the service’s own infrastructure. The DNS entry, reportedly hosted at traffic management service DYN (www.dyn.com) was compromised, and redirected to a site most likely hosted on a free account.
The landing page of the site users were redirected to featured a message reading “this site has been hacked by Iranian Cyber Army.”
In a TechCrunch post providing a fairly exhaustive investigation into the hack, Nic Cubrilovic says, citing both public accounts and “people within the underground security scene,” that the group is said to be working with the Iranian government. As part of an example, he mentions that the online attack was timed to coincide with several moves by Iran, including an escalation of diplomatic hostilities toward the US and EU and a move by Iranian troops into a disputed border area.
A major catalyst for Twitter’s rise to prominence this year was the disputed election in Iran, and the use of Twitter (along with YouTube and several other online resources) as a tool for disseminating information – during the election and the mass protests that followed, many traditional media resources were unsuccessful in providing a reliable picture of the situation.
Cubrilovic reports that the password reset function at DYN was used by attackers to gain access to Twitter’s DNS records and redirect them to the defacement site.
A big part of the discussion around the defacement has to do with the fact that Twitter has somewhat notoriously faced several other hacks in the last year. In the case of a recent mass hack of Twitter’s corporate email accounts, the vulnerability seemed to exist not in the site’s infrastructure security, but in the basic password security of email and administration accounts.
Thursday’s hack was reportedly rectified within the space of approximately an hour. The good news for Twitter is that the direct of security breaches like this on individual Twitter users is minimal, and that the general population of Twitter users does not appear to be particularly conscious of this kind of issue.