Twitter Troubled by Hackers

Earlier this morning, hackers calling themselves the "Iranian Cyber Army" were successfully able to redirect Twitter's normal Web traffic to another site. Visitors expecting the Twitter homepage instead found the following:

"a black screen with an image of a green flag and Arabic writing. The defaced site also included a message that said, 'This site has been hacked by Iranian Cyber Army,' and an e-mail address."

The hackers were able to do this by changing Domain Name System (DNS) records, redirecting traffic intended for Twitter to this dummy site. Twitter has restored the proper DNS records but is still working to identify the cause of this problem. One account of the story from Twitter claims that Twitter's systems may have never been compromised at all; instead, it lays blame on Dyn, the DNS service provider managing the site.

In this sort of attack, hackers are somehow able to infiltrate firewalls and other defenses to switch IP addresses and domains. DNS occurs at the network layer of the OSI model, so attacks can come from wireless security weaknesses as well. It is the trustworthy nature of the DNS protocol that allows such attacks to occur, listening to commands whether or not they are authentic.

While information security specialists have attempted to patch the problem with DNS, the fact that it is inherent in DNS protocol makes it difficult. One way to ensure one is heading to the right site, or for a business to make sure things are as they should be, is to use software to monitor the domain. This software can notify if a change has been made in relation to the IP address of the server. Also, one can make sure they are connected to an authentic, protected DNS server, such as OpenDNS.

Sources:
http://www.pcworld.com/businesscenter/article/185058/hackers_take_twitter_offline.html
http://www.embracingchaos.com/2008/07/how-to-protect.html
http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky