The attack that took down Twitter Dec. 17 used legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army. The incident underscores the importance for businesses of keeping an eye on DNS security.
New details about the attack
that disrupted Twitter Dec. 17
have begun to emerge.
According to Twitter, the DNS (Domain Name System) settings for Twitter.com
were hijacked, resulting in roughly 80 percent of the traffic from the site
being redirected elsewhere from 9:46 p.m.
to 11 p.m. PST.
Apparently, the attackers got their hands on a valid set of Twitter
credentials and used them to compromise the DNS records. A spokesperson for
Dyn, the DNS company that services Twitter,
an authenticated user logged into the Dynect platform and redirected the site.
None of Dyn's other customers were affected, the spokesperson said.
"During the attack, we were in direct contact with our DNS provider,
Dynect (Dyn)," blogged Twitter
co-founder Biz Stone.
"We worked closely to reset our DNS as quickly
as possible. The motive for this attack appears to have been focused on
defacing our site, not aimed at users-
don't believe any accounts were compromised."
Twitter users were redirected to a page that read: "Iranian
Cyber Army ... This Website Has Been Hacked by Iranian
The attack put a spotlight on DNS
According to Rick Howard, director of security intelligence at
VeriSign iDefense, DNS is often overlooked from a security perspective in favor
of application and operating system vulnerabilities, though in his opinion
enterprises are less likely to allow recursive DNS queries than a few years ago
due to increased awareness of the problems
that can arise.
"Few [enterprises] have in-house DNS experts or dedicated staff, yet
nearly all their Internet communication heavily relies on the DNS system,"
"Basic DNS monitoring is sorely lacking," he continued. "While
enterprises may monitor DNS availability, and are increasingly aware of DDoS [distributed
denial of service] attacks targeting domain name servers, simple monitoring for
DNS integrity is often overlooked. Enterprises should also pay attention to the
rollout of DNSSEC, which mitigates some attacks, but is not yet widely
Enterprise DNS services will come under more pressure as targeted attacks
against businesses and governments increase, said Ray Dickenson, CTO
"Motivations for criminals and other malicious operators to attack
companies include stealing intellectual property and cyber-extortion that
involves threats to reveal sensitive information or otherwise embarrass a
company or brand unless money is paid," Dickenson said.
When it comes to popular Web
2.0 sites like Twitter,
it can be expected that attackers will increasingly
paint a bull's-eye on them as a means of spreading political messages, noted
Dave Marcus, director of Security Research and Communications at McAfee.
"The larger trend behind this attack is hacktivism-activist groups want
millions of people across the world to see their message, and this time they
did it by architecting a redirect on Twitter, causing the Website to suffer
downtime," Marcus said.