Sunday, December 20, 2009

Twitter investigates DNS hijack

Twitter, the popular micro-blogging network, welcomed visitors on Thursday night with a page claiming that the site had been hacked by a defacers with links to Iran.

In reality, the company's domain name had been hijacked by the vandals and visitors redirected to an unrelated site hosting the page. Passive domain-name service (DNS) records showed the DNS poisoning, as Twitter's record pointed first to two domains registered in Moldova and then to a domain registered to an undisclosed person in Pompano Beach, Florida, according to information posted by the SANS Internet Storm Center.

Twitter acknowledged the issue late last night, following earlier media reports.

"Twitter’s DNS records were temporarily compromised but have now been fixed," the site administrators' wrote at 11:28 p.m. PT. "We are looking into the underlying cause and will update with more information soon."

The popularity of the social networking service has made it a target of hackers and a focus of security researchers this year. In August, a botnet targeted both Twitter and Facebook with a distributed denial-of-service attack. The micro-blogging service has also had to contend with the spreading of worms, the exploitation of a security vulnerability, and the use of its network as a command-and-control channel.

Thursday's defacement claimed to be done by the "Iranian Cyber Army," but another message -- translated from Farsi by Google's automated translation engine -- reportedly claimed the attack was motivated by the U.S. and Twitter's interference in "my country," suggesting the attacker was an individual.

From: SecurityFocus


Tokwear said...

DNS hijack will become easier nowadays, have you heard of godaddy being hijack? never heard in news right :D

Johncrackernet said...

Yup, i heard already man...hahaha