Security News Blog
Up to date Info Sec news – Sponsored by PotentiaHosting.com

Dec
18

Twitter Hacked – could it happen to you?

On 12/17/2008 around 7:00 PM EST, Twitter.com was hacked by a group claiming to be the Iranian Cyber Army. The actual attack was a DNS hijacking (or DNS poisoning) that resulted in Twitter users being directed to a page of the attackers' choosing. In this example here is what they posted:

This old school defacement was actually conducted by ‘hijacking’ the site’s DNS. How they accomplished this is still unknown; the fact is they did. What exactly is DNS poisoning or hijacking?

Quite simply, when your desktop or any other Internet-enabled device wants to talk to another computer or device, you would typically put in the domain name, www.domain.com for instance. If you had ‘recently’ visited this site, then the cache (arp cache) on your machine or server would likely have its IP address. If not, then it will ask its DNS, or Domain Name Server, for help. The DNS server will follow the trail to find the target, domain.com’s DNS server, and theoretically it will return to you the IP address of domain.com.

In Twitter’s case, the iRANiAN.CYBER.ARMY@… penetrated Twitter and replaced their DNS servers with ones of their own choosing. This is done many times in phishing scams to redirect you to a ‘fake’ but very real-looking page. The unsuspecting person browsing would carry on their work (say, banking), all the while giving the bad guys their real details. A super clever hacker would quietly record this, then log you into the bank, and you would never know. They have your passwords, you are happy. A bad situation.

What is interesting is that it appears the only redirect was to this stupid page, complete with their email address (attention Google, are you looking?). They could have directed the twittersphere to a malware site (this may have been one), or put up a fake Twitter login page to scam user/passwords or more.

That brings me to this: have you tested the integrity of the DNS on your servers? Cricket Liu, a recognized authority on DNS, has a set of tools and services available to help you check your site. You can give your DNS infrastructure a good look, and if you think that you aren’t vulnerable, remember that Twitter was. Maybe you should look again.

You can reach Cricket Liu’s site here. And here is a short white paper on DNS to help you have a better understanding of how DNS works.
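One way to act on the "have you tested your DNS?" question is to record what your zone's nameservers and addresses should be while things are healthy, then compare what several resolvers actually return against that baseline. The sketch below is an added example, not code from the original post or from any tool it mentions; the zone, resolver labels, hostnames and addresses are all constructed placeholders, and in practice the observed answers would come from real queries to several resolvers.

```python
import ipaddress

# Constructed baseline for a hypothetical zone, recorded while it is healthy.
BASELINE = {
    "ns": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "a_networks": [ipaddress.ip_network("192.0.2.0/24")],
}

# Constructed answers as seen from three resolvers (placeholder names/addresses).
OBSERVED = {
    "resolver-a": {"ns": ["ns1.dns-provider.example.", "ns2.dns-provider.example."],
                   "a": ["192.0.2.10"]},
    "resolver-b": {"ns": ["NS1.DNS-Provider.example", "ns2.dns-provider.example."],
                   "a": ["192.0.2.11"]},
    "resolver-c": {"ns": ["ns1.unknown-host.example."], "a": ["203.0.113.66"]},
}

def normalize(name):
    """DNS names are case-insensitive; compare lower-cased, fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def check_zone(baseline, observed):
    """Return sorted (resolver, kind, value) findings that deviate from baseline."""
    expected_ns = {normalize(n) for n in baseline["ns"]}
    findings = []
    for resolver, answer in observed.items():
        seen_ns = {normalize(n) for n in answer["ns"]}
        # A swapped delegation shows up as nameservers you never configured.
        for ns in seen_ns - expected_ns:
            findings.append((resolver, "unexpected-ns", ns))
        for ns in expected_ns - seen_ns:
            findings.append((resolver, "missing-ns", ns))
        # A redirected site shows up as an address outside your own ranges.
        for addr in answer["a"]:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in baseline["a_networks"]):
                findings.append((resolver, "a-outside-baseline", addr))
    return sorted(findings)

if __name__ == "__main__":
    for resolver, kind, value in check_zone(BASELINE, OBSERVED):
        print(f"ALERT {resolver}: {kind} {value}")
```

Run on a schedule, a check like this turns a changed delegation into an alert rather than something you learn from your users.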

Tom is a security expert, and he has authored the book Joomla Web Security (Packt) as well as Dodging the Bullets – A Disaster Preparation Guide for Joomla! Based Websites. He offers his services to Joomla and WordPress websites that have been attacked and compromised at JoomlaRescue.com.

Dec
13

MessageLabs ’09 Report: Botnets Bounce Back With Sharpened Survival Skills

December 11, 2009
The bad guys sharpened their skills, rather than just relying on large spam runs and malware attacks

Some 132K Websites Hit By New SQL Injection Attack

December 10, 2009
ScanSafe reports widespread attack that continues to grow

New Verizon Business Report Outlines 15 Most Common Attacks

December 9, 2009
Keylogging and spyware are among the most commonly found exploits in breached companies, report says

Metasploit Gets New Vulnerability Scanning Features

December 1, 2009
Rapid7 takes first step in integrating penetration testing tool with its NeXpose vulnerability scanner, rolls out new free version of NeXpose

Hacker Arrested For Stealing Virtual Assets In Online Game

December 1, 2009
Man allegedly broke into almost 300 RuneScape accounts, police say

Heap Spraying: Attackers’ Latest Weapon Of Choice

November 30, 2009
Difficult to detect reliably, heap spraying was behind an exploit of IE and Adobe Reader

Perimeter E-Security: Top Ten Biggest Security Breaches And Blunders of 2009

November 30, 2009
A common thread between all of these incidents: They could have been avoided

New Exploit Masquerades As Flash Player Upgrade

November 25, 2009
Phishing campaign has hit more than 3.5 million mailboxes, researchers say

Three Indicted For Comcast Site Hack

November 20, 2009
‘Kryogeniks’ gang redirected traffic to its own Web page in 2008

FBI Warns Of Spear Phishing Attacks On U.S. Law Firms and Public Relations Firms

November 18, 2009
Socially engineered e-mail designed to compromise a network by bypassing technological network defenses and exploiting the person at the keyboard

Big-Name Vendors Team On Disaster Preparedness, Recovery

November 17, 2009
IT can play a major role in boosting the effectiveness of response efforts, say alliance sponsors that include Microsoft, Google, Yahoo

D.A. Davidson Breach Case Nears Resolution

November 16, 2009
Judge approves settlement of lawsuit; three Latvian suspects extradited

Conn. AG Investigates Blue Cross Blue Shield Data Breach

November 16, 2009
BC/BS and its related companies Anthem and Empire failed to inform health care providers until late last month, says Connecticut Attorney General Richard Blumenthal

iPhone Targeted Yet Again

November 11, 2009
New hacking tool steals personal data off ‘jailbroken’ iPhones via a wireless network

Alleged $9 Million Hacking Ring Exposed

November 11, 2009
Group broke into credit card systems at RBS Worldpay, DoJ says

MassMutual Warns Of Data Breach

November 10, 2009
Database may have been compromised via third party vendor

Product Watch: Verizon Launches Data Discovery, Identification, And Security Classification Service

November 9, 2009
New service reflects shift to ‘data-centric’ view of security, Verizon says

Gumblar Botnet Resurges

November 6, 2009
Reactivation of Gumblar.cn domain could have ripple effect, researchers say

Spain And United States Top Global Ranking Of Bot-Infected Computers

November 5, 2009
Countries least infected include Peru, the Netherlands, and Sweden

DDoS-As-A-Service Open For Business

November 3, 2009
McAfee report says botnet operators are increasingly contracting out their botnets to distributed denial-of-service attack service providers

Researchers Create Hypervisor-Based Tool For Blocking Rootkits

November 3, 2009
New technology ‘patches’ the operating system kernel, protects it from rootkits

FBI: Fraudulent Automated Clearing House (ACH) Transfers Connected to Malware and Work-at-Home Scams

November 3, 2009
FBI says there’s been a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts

Microsoft Report: Worms Rise, New Vulnerabilities Decline

November 2, 2009
The new Microsoft Security Intelligence Report (SIR) found worm infections nearly doubled, vulnerability counts down by nearly one-third in the first half of 2009

Facebook Phishing Attack Powered By Zeus Botnet, Researchers Say

October 28, 2009
Scam email messages being generated at a rate of 1,000 per minute

Trusteer Discovers Two-Headed Trojan Attack On Banks

October 28, 2009
W32.Silon bypasses security tokens, banking card readers and uses a two-pronged payload to steal login information and commit online financial fraud

Ex-Ford Engineer Indicted For Allegedly Stealing Company Secrets

October 16, 2009
Xiang Dong Yu allegedly copied 4,000 sensitive Ford documents onto a USB drive before leaving the company

DIY: Defending Against A DDoS Attack

October 14, 2009
Proactive self-defense can make DDoS attacks less painful and damaging

‘Operation Phish Phry’ Nets 100 Suspects In Major Bank-Fraud Ring

October 8, 2009
Bust represents largest number of defendants ever charged in a U.S. cybercrime case, FBI says

Breach At Pharmaceutical Benefits Company May Have Affected 700,000

October 5, 2009
FBI investigation of 2008 incident leads Express Scripts to notify hundreds of thousands about potential breach

Report: Most Companies Unprepared For Quick Response To Attack

October 5, 2009
Most companies do not have the capability to determine the full scope of security incidents

Couple’s Lawsuit Against Bank Over Breach To Move Forward

September 23, 2009
Case raises questions about banks’ liability in breach of customers’ online accounts

PCI More Of A ‘Check-Box’ Than Security For Most Retailers

September 23, 2009
New survey shows less than one-third of small businesses are PCI-compliant, while 70 of large businesses are

Cyveillance Disputes Reports Of Phishing Decline

September 22, 2009
Cyveillance detects 176,864 distinct phishing attacks between June and August 2009, one of the highest three-month totals on record

New Free Web Service Confirms Theft Of Your Identity

September 17, 2009
Web-based search service lets individuals check — in detail — whether their personal information has been compromised

New Twitter Security Experiment Goes Live

September 8, 2009
Errata Security’s TwiGUARD service detects Twitter spam, malicious links

‘Freakshow’ Provides Inside Look At Real Malware Behind Big Breaches

August 31, 2009
Forensic specialists who investigated hacks of a hotel chain, casino, and restaurant share details on the sophisticated malware used to successfully steal confidential data

Zeus Trojan Uses IM Speed Distribution Of Stolen Data

August 31, 2009
Jabber IM module built into Trojan sends compromised data quickly to mobile criminals

Attack Of The Tweets: Major Twitter Flaw Exposed

August 27, 2009
U.K. researcher says vulnerability in Twitter API lets an attacker take over a victim’s account — with a tweet

Social Networks Number One Web Attack Target

August 18, 2009
Web Hacking Incidents Database (WHID) report finds that one-fifth of Web incidents were aimed at Web 2.0 sites in the first half of 2009

Mega-Breaches Employed Familiar, Preventable Attacks

August 18, 2009
Alleged mastermind behind Heartland, Hannaford’s, and 7-11 breaches used SQL injection, sniffers, custom malware in attacks

Ukrainian Attackers Use SEO, Fed Forms To Push Scareware To U.S. Users

August 7, 2009
Hackers “hijack” keywords to U.S. federal forms, placing malware at top of search results

Twitter Under DDoS Attack

August 6, 2009
Tweets go silent as microblogging social network site gets downed by a distributed denial-of-service attack; Facebook and LiveJournal also reportedly hit

Weaponizing Apple’s iPod Touch

August 5, 2009
Security expert converts popular music/movie player and browsing device into a penetration testing, hacking tool

Netronome Unveils SSL Inspector Appliance

August 4, 2009
Solution prevents man-in-the-middle attacks by detecting SSL traffic, validating SSL certificates, and stopping connection, if warranted

Hackers Rig ATMs In Las Vegas Hotel, Secret Service Investigating

August 3, 2009
While white-hat hackers were trying to stay one step ahead of the bad guys at Black Hat USA and Defcon, a real computer crime was committed nearby

Astaro Offers SMBs Free Silent Business Audit And Forensic Analysis

July 27, 2009
Offer will demonstrate what spyware and malware is able to get by the organization’s spam filter, and will provide insight into Internet usage trends

FishNet Security Accredited By Visa As Qualified Incident Response Assessor

July 22, 2009
Company can perform forensic investigations and oversee remediation efforts following a payment card data compromise

Hacker Stole Internal Twitter Documents In Targeted Attack On Employee

July 16, 2009
Twitter co-founder blames weak passwords, likens incident to ‘underwear drawer’ being rifled through, while experts question internal security controls

Twitter Suspends User Accounts Infected With Koobface Worm

July 10, 2009
Researchers say worm sends tweets with a variety of URLs that lead victims to malware infection

Bug Now Being Exploited In Microsoft Zero-Day Attacks Was Reported A Year Ago

July 7, 2009
Researchers in 2008 disclosed Windows video control vulnerability that’s now spreading attacks to some .com, .org Websites
