Hackers Hijack DNS, Take Twitter Offline

Article by George Norman (Cybersecurity Editor)

on 18 Dec 2009

For about half an hour today, popular micro-blogging site Twitter was taken offline by a group of hackers calling themselves the Iranian Cyber Army. Visitors to Twitter were redirected to a webpage that presented a green flag and the following message: This site has been hacked by Iranian Cyber Army. It would seem the hackers managed to change Twitter’s DNS (Domain Name System) records, thus redirecting traffic way from the micro-blogging site.

“Twitter's DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we've investigated more fully,” commented Twitter founder Biz Stone.

The compromised DNS records have been fixed and Twitter service is now back to normal.

If DNS hijacking is the reason why users could not access Twitter, then it means the micro-blogging site’s servers may no have been breached by the Iranian Cyber Army, say Graham Cluley, Senior Technology with Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions.

“DNS records work like a telephone book, converting human-readable website names like twitter.com into a sequence on numbers understandable by the internet. What seems to have happened is that someone changed the look-up, so when you entered twitter.com into your browser you were instead taken to a website that wasn't under Twitter's control,” explained Cluley.

Cluley then poses a legitimate question: “how did the hackers manage to change the DNS records for twitter.com?” One theory put forth by the security consultant is that the hackers somehow managed to guess the password and then logged in as Twitter’s DNS records administrators.

It should be mentioned that just because an image says Twitter was hacked by the Iranian Cyber Army, it doesn’t necessarily mean the hackers are connected with Iran. There was no evidence that hackers from Iran are responsible for this incident.

Update 12.21.2009 Biz Stone provided the following comment
: "DNS settings for the Twitter web site were hijacked. From 9:46pm to 11pm PST, approximately 80% of Traffic to Twitter.com was redirected to other web sites. During the attack, we were in direct contact with our DNS provider, Dynect. We worked closely to reset our DNS as quickly as possible. The motive for this attack appears to have been focused on defacing our site, not aimed at users—we don't believe any accounts were compromised. If you're concerned that your account could have been affected in some way, feel free to contact us, accountsafe [at] twitter.com."



Latest News


Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all