Twitter Hacked – DNS hijacked
Twitter Hacked – could it happen to you?
On 12/17/2008 around 7:00 PM EST, Twitter.com was hacked by a group claiming to be the Iranian Cyber Army. The actual attack was a DNS hijacking (or DNS poisoning) that resulted in Twitter users being directed to a page of the attackers' choosing. In this example here is what they posted:
This old-school defacement was actually conducted by ‘hijacking’ the site's DNS. How they accomplished this is still unknown; the fact is they did. What exactly is DNS poisoning or hijacking?
Quite simply, when your desktop or any other Internet-enabled device wants to talk to another computer or device, you would typically put in the domain name, www.domain.com for instance. If you had ‘recently’ visited this site, then the cache (arp cache) on your machine or server would likely have its IP address. If not, then it will ask its DNS, or Domain Name Server, for help. The DNS server will follow the trail to find the target, domain.com's DNS server, and theoretically it will return to you the IP address of domain.com.
In Twitter's case, the iRANiAN.CYBER.ARMY@… penetrated Twitter and replaced their DNS servers with ones of their own choosing. This is done many times in phishing scams to redirect you to a ‘fake’ but very real-looking page. The unsuspecting person browsing would carry on their work (say, banking), all the while giving the bad guys their real details. A super clever hacker would quietly record this, then log you into the bank, and you would never know. They have your passwords, you are happy. A bad situation.
What is interesting is that it appears the only redirect was to this stupid page, complete with their email address (attention Google, are you looking?). They could have directed the twittersphere to a malware site (this may have been one), or put up a fake Twitter login page to scam usernames and passwords or more.
That brings me to this: have you tested the integrity of the DNS on your servers? Cricket Liu, a recognized authority on DNS, has a set of tools and services available to help you check your site, so you can give your DNS infrastructure a good look. And if you think that you aren't vulnerable, remember that Twitter was; maybe you should look again.
You can reach Cricket Liu's site here. And here is a short white paper on DNS to help you have a better understanding of how DNS works.
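One way to test DNS integrity yourself, shown as an added example (it is not from the original post and is not one of Cricket Liu's tools): pin the name servers and address ranges you expect for your domain, then compare what different resolvers actually return. The domain, resolver labels and addresses below are constructed placeholders using reserved documentation ranges.

```python
import ipaddress

# Pinned baseline for the zone (constructed values; example.com and the
# documentation IP ranges stand in for a real site).
BASELINE = {
    "ns": {"ns1.example.com.", "ns2.example.com."},
    "a_networks": [ipaddress.ip_network("192.0.2.0/24")],
}

def check_dns(baseline, observations):
    """Compare answers seen at several resolvers against the baseline.

    observations: {resolver_label: {"ns": [...], "a": [...]}}
    Returns a sorted list of (resolver, finding) tuples; empty means clean.
    """
    findings = []
    for resolver, ans in observations.items():
        # Normalise case and the trailing dot before comparing names.
        seen_ns = {n.lower().rstrip(".") + "." for n in ans["ns"]}
        added = seen_ns - baseline["ns"]
        missing = baseline["ns"] - seen_ns
        if added:
            findings.append((resolver, "unexpected NS: " + ", ".join(sorted(added))))
        if missing:
            findings.append((resolver, "missing NS: " + ", ".join(sorted(missing))))
        for addr in ans["a"]:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in baseline["a_networks"]):
                findings.append((resolver, f"A record outside expected networks: {addr}"))
    # Resolvers that disagree with each other can indicate that one cache
    # is poisoned or that a delegation change is still propagating.
    distinct = {frozenset(a["a"]) for a in observations.values()}
    if len(distinct) > 1:
        findings.append(("*", "resolvers return different A record sets"))
    return sorted(findings)

# Constructed sample: resolver-b sees replaced name servers and a foreign IP.
SAMPLE = {
    "resolver-a": {"ns": ["ns1.example.com.", "NS2.example.com"], "a": ["192.0.2.10"]},
    "resolver-b": {"ns": ["ns1.unknown-host.example."], "a": ["203.0.113.66"]},
}

if __name__ == "__main__":
    for resolver, finding in check_dns(BASELINE, SAMPLE):
        print(f"[{resolver}] {finding}")
```

In practice the observations would be filled from scheduled lookups against several independent resolvers, with any finding raised as an alert.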
Tom is a security expert, and he has authored the book Joomla Web Security (Packt) as well as Dodging the Bullets – A Disaster Preparation Guide for Joomla! Based Websites. He offers his services to Joomla and WordPress websites that have been attacked and compromised at JoomlaRescue.com.