A day ago, Twitter’s home page was hacked by an organization calling itself the Iranian Cyber Army. Twitter has a clumsy reputation when it comes to security issues. TechCrunch even reported that one of its admin interfaces had ‘password’ as the password. This is what the hackers left on the home page.

Twitter was not the only target. Other anti-government (Iranian Govt) websites operating from within or outside Iran were hacked too. Yes, of course it’s Iranian Government handiwork. This is how the attack was carried out.
Unlike most home page defacements, the hackers did not gain access to anything on Twitter’s hosting servers. Instead, they managed to break into Twitter’s account on its DNS* provider’s site. Using the registration email, they managed to reset the administrator password for the DNS account on Dynect. After that it’s a fairly easy job: all they needed to do was redirect the site to some other hosting provider. In this case it was redirected to some anonymous TOR account.
The hackers also tried to disrupt the Twitter apps by manipulating its subdomains. Normally it takes somewhere between 30 minutes and 4 hours for a DNS change to take full effect. But Twitter was able to fix the issue in less than an hour, so most of the changes never took full effect. Plus, app users prefer to use direct IP addresses rather than domain names, so these DNS changes mean nothing to them.
This is a fairly easy way of hacking websites. You need not find loopholes in the technology; you need to exploit common human errors. In this case it was slack email identity protection.
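An added example, not part of the original post: because the hosting servers were never touched, the place to notice this kind of redirect is in the DNS answers themselves. The sketch below compares observed A and NS records for a domain and its subdomains against an expected baseline; the domain names, address ranges and observations are constructed placeholders, and gathering the observations from resolvers is assumed to happen elsewhere.

```python
import ipaddress

# Constructed baseline: networks and nameservers the zone owner expects to see.
BASELINE = {
    "example.com": {"A": ["192.0.2.0/24"],
                    "NS": {"ns1.dns-provider.example", "ns2.dns-provider.example"}},
    "api.example.com": {"A": ["192.0.2.0/24", "198.51.100.0/24"], "NS": set()},
}

# Constructed observations (name, record type, value), e.g. from scheduled lookups.
OBSERVED = [
    ("example.com", "A", "192.0.2.10"),
    ("example.com", "NS", "ns1.dns-provider.example"),
    ("example.com", "A", "203.0.113.66"),       # apex pointed somewhere new
    ("api.example.com", "A", "198.51.100.7"),
    ("api.example.com", "A", "203.0.113.66"),   # subdomain changed as well
    ("status.example.com", "A", "192.0.2.20"),  # name nobody registered in the baseline
]

def check_record(name, rtype, value, baseline):
    """Return None when the record matches the baseline, else a reason string."""
    expected = baseline.get(name.lower().rstrip("."))
    if expected is None:
        return "name not in baseline"
    if rtype == "A":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return "unparseable address"
        nets = [ipaddress.ip_network(n) for n in expected["A"]]
        return None if any(addr in n for n in nets) else "address outside expected networks"
    if rtype == "NS":
        ok = value.lower().rstrip(".") in expected["NS"]
        return None if ok else "unexpected nameserver"
    return "record type not monitored"

def find_drift(observed, baseline):
    """Collect every observed record that does not match the baseline."""
    alerts = []
    for name, rtype, value in observed:
        reason = check_record(name, rtype, value, baseline)
        if reason:
            alerts.append((name, rtype, value, reason))
    return alerts

if __name__ == "__main__":
    for alert in find_drift(OBSERVED, BASELINE):
        print("ALERT", *alert)
```

Running a check like this more often than the propagation window mentioned above gives the owner a chance to react before a changed record is seen everywhere.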
Biz Stone clarified the situation on the Twitter blog.
During the attack, we were in direct contact with our DNS provider, Dynect. We worked closely to reset our DNS as quickly as possible. The motive for this attack appears to have been focused on defacing our site, not aimed at users—we don’t believe any accounts were compromised. If you’re concerned that your account could have been affected in some way, feel free to contact us, accountsafe [at] twitter.com.
*(DNS, or domain naming service, is an established technology for giving a host address like 205.12.23.43 a name like mydomainname.com, which makes it easy to type and remember.)
