Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
🚀 Google AI PRO – 18 Months | Rs. 850 Only
lkkolla
Updated:
Today at 4:56 PM
🔒 NordVPN Premium – 3 Months
hrdilshan
Updated:
Thursday at 8:29 PM
🚀 Microsoft Office 365 Pro Plus – Lifetime Access! 🚀
hrdilshan
Updated:
Thursday at 8:28 PM
Linkedin Premium Business / Careere /Sales Navigator - 1/2/3/6/9/12 Months - Reddem Link
hrdilshan
Updated:
Thursday at 8:27 PM
Colombo
YEYE 3 in 1 Instant Coffee Mix 50 Sachet
Romeshka
Updated:
Wednesday at 12:16 AM
Electronics
Vehicles
Property
Search
Reply to thread
Forums
General
News
Twitter Hacked, Defaced by "Iranian Cyber Army"
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="R_L" data-source="post: 6142009" data-attributes="member: 16427"><p><img src="http://i50.tinypic.com/29777t.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>The popular microblogging site Twitter was briefly shut down after a group apparently calling themselves the Iranian Cyber Army launched attack on the site.</p><p></p><p>The message read:</p><p></p><p> </p><p>A google search on the site brought up this:</p><p></p><p><img src="http://i49.tinypic.com/10d5y7q.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>The translation from Farsi/Persian reads:<p style="margin-left: 20px">“In the name of God, As an Iranian this is a reaction to Twitter’s interference sly which was U.S. authorities ordered in the internal affairs of my country…”</p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px"></p> <p style="margin-left: 20px"></p><p>Technology blogs including TechCrunch said Twitter went down around 06:00 GMT for about an hour.</p><p></p><p>Biz Stone <a href="http://blog.twitter.com/2009/12/dns-disruption.html" target="_blank">blogged<img src="http://i.ixnp.com/images/v6.18/t.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></a>:<p style="margin-left: 20px">As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.</p> <p style="margin-left: 20px"></p><p>Background Articles:</p><p></p><ul> <li data-xf-list-type="ul"><a href="http://www.techcrunch.com/2009/12/18/twitter-dns-attack-iran/" target="_blank">Twitter Hack: Part of Broader Iranian Strategy</a></li> <li data-xf-list-type="ul"><a href="http://english.aljazeera.net/news/middleeast/2009/12/20091218132325311321.html" target="_blank">Al-Jazeera Article</a></li> <li data-xf-list-type="ul"><a href="http://news.google.com/news/url?sa=t&ct2=us%2F0_0_s_7_0_t&usg=AFQjCNH0gC75syjbs06PilR4e13mWsT-eg&cid=0&ei=i2IsS-D9H9aIkAX6zcD0AQ&rt=SEARCH&vm=STANDARD&url=http%3A%2F%2Fwww.reuters.com%2Farticle%2FidUSN1823149420091218%3Ftype%3DmarketsNews" target="_blank">Reuters Link</a></li> </ul><p></p><p></p><p><span style="font-size: 18px"><strong>How It Happened???</strong></span> <strong><span style="font-size: 18px">What Happened???</span></strong></p><p></p><p><strong><a href="http://www.mediabistro.com/Rod-Rasmussen-profile.html" target="_blank">Rod Rasmussen</a></strong>, president and CTO of cyber-safety firm <a href="http://www.internetidentity.com/Home.html" target="_blank">Internet Identity</a> and a recognized authority on DNS abuse gave his views. His company happened to be monitoring Twitter (among many other sites) last night, and has a complete record of what transpired.</p><p></p><p>DNS stands for Domain Name Service, which essentially connects the IP addresses of Web sites (which are numerical) to the names seen in URLS (such as <a href="http://www.twitter.com" target="_blank">www.twitter.com</a>). <strong><u>It wasn't Twitter's infrastructure that was hacked, it was its DNS -- which ceased pointing those who typed in Twitter addresses (including help.twitter.com, blog.twitter.com, postmaster.twitter.com and many others) to the site they intended to reach, and instead sent them to one of four servers hosting the propaganda page in question</u></strong>.</p><p></p><p>"There are a couple reasons (for hackers to use) multiple IP addresses in a case like this," said Rasmussen. "First, you can change IP addresses very quickly to avoid detection, which makes it harder to shut things down. Also, because they knew they'd hit so much traffic from Twitter, it kept them from getting overloaded."</p><p></p><p>The ISPs -- all four of which are located in the United States -- "look like they're all large, virtual hosting servers that have lots of Web sites on them," said Rasmussen. "There's some speculation that somebody's site got hacked into, but I'm guessing they used stolen credentials to set up an account that would service Twitter. Either way they were fairly large boxes that support many sites, and so have good bandwidth and strength to be able to handle a big hit."</p><p></p><p> Rasmussen points out that no matter how much security a Web site has, DNS vulnerabilities are far easier to exploit. He points to a situation last year in which CheckFree's customers <a href="http://news.cnet.com/8301-1009_3-10113790-83.html" target="_blank">were redirected to a faux site</a> in the Ukraine that spread malware.</p><p></p><p> "It is," he said, "a soft underbelly for pretty much everybody on the Web."</p><p> Internet Identity's records of what happened via which ISP are as follows:<p style="margin-left: 20px">2009-12-17 22:01 (PST) 2009-12-18 06:01 UTC <a href="http://www.twitter.com" target="_blank">www.twitter.com</a>, twitter.com A Records pointed to 74.217.128.160 (presumably all subdomains as well given the other DNS hits) 2009-12-17 22:14 (PST) 2009-12-18 06:14:20 UTC</p> <p style="margin-left: 20px">twitter.com A Records pointed to 69.59.28.85</p> <p style="margin-left: 20px"> 2009-12-17 22:24 (PST) 2009-12-17 06:24 UTC</p> <p style="margin-left: 20px">twitter.com A Records pointed to 66.147.242.88</p> <p style="margin-left: 20px"> 2009-12-17 23:11 (PST) 2009-12-18 07:11 UTC</p> <p style="margin-left: 20px">A Records corrected and pointing back to allowed range for resolution (they round robin to several IPs it appears)</p> <p style="margin-left: 20px"> The nameserver entries for twitter.com remained correct throughout the event (thus no evidence of take-over at the registrar).</p> <p style="margin-left: 20px"></p><p>How the Iranian group got Twitter's DNS password is another matter. </p><p> "I'm assuming they got hold of a username and password," he said. "Twitter didn't get hacked, so there's no official data breach. . . . In a company like that, there are probably dozens of people who use dozens of passwords. Whether it was social engineered or whether it was malware taken from people's laptops is unclear. It could have been somebody's Gmail account that got compromised for all I know. But the information was still lost." </p><p></p><p><span style="font-size: 10px"><em>Source: <a href="http://www.mediabistro.com/baynewser/twitter/some_technical_details_of_last_nights_iranian_twitter_hack_146587.asp" target="_blank">MediaBistro.com</a></em></span></p><p></p><p></p><p></p><p><span style="font-size: 18px"><strong>Anatomy of Attack</strong></span></p><p></p><p>The incident last night was perpetrated by a group called the Iranian Cyber Army – and we have been told that this group is working with the Iranian government. The attack occurred at the same time as a number of other diplomatic incidents, including the escalation of diplomatic hostilities between Iran and the US/EU as well as an incursion by Iranian troops into a disputed border area containing an oil field. The defacement was carried out by hijacking the servers hosting the DNS records for the twitter.com domain (this is the server that maps the domain name to an IP address). The attackers modified the DNS records to point to an IP address with a web server hosting the defacement page. The twitter.com domain (registered with NetworkSolutions) was not hijacked, nor were its records altered.</p><p></p><p> <u><strong>The DNS records for Twitter are hosted at <a href="http://dyn.com/" target="_blank">Dyn</a></strong></u>. A company that provides DNS hosting for over 100,000 domain names and provides other services for companies. We have been told, but have yet to confirm, that the account password recovery feature was used to reset the password for the Twitter account at Dyn. When we checked the password recovery page, it contains a request to contact Dyn directly – there is no form of any type. We have not been able to confirm is there was an automated process at this page which has since been taken down.</p><p></p><p>To reset the password to gain access to the account hosting DNS records, the attacker had access to the email address associated with the account. <strong>Twitter hosts all email on <u>Google Apps for Domain</u>, which played a central role in the previous attack on Twitter not because of any vulnerability within the application itself, but because of a lapse in password policies which lead to a minor account being compromised, which lead to other accounts being compromised</strong>.</p><p></p><p> The attackers gained access to the Twitter account at Dyn, and changed the DNS records for Twitter.com to point to an IP address that was on the anonymous Tor network. The attackers seemed to have changed all the records at Twitter.com, including sub-domains used for the API, the status page, etc. but because of varying caching levels and the fact that some clients were using a direct IP address not all services were affected immediately.</p><p></p><p> For most users the main Twitter web application was displaying the defacement page for just under an hour.</p><p></p><p> This type of attack is not very sophisticated, but it is extremely effective. It was not a direct vulnerability with the DNS server but rather with the accounts system and email addresses. While the Twitter application was not compromised, desktop applications and websites that directly send a users username and password back to Twitter over plain HTTP would have sent this information to the attackers IP address, from where it could easily have been harvested. </p><p></p><p> The solution to similar problems revolves around the management of account passwords, especially with critical services such as DNS hosting. Further, since the status page for Twitter was hosted on the same domain as the main site, it was also inactive during the period of time that the defacement was up on the site and for a short time afterwards while Twitter responded to the attack.</p><p></p><p><span style="font-size: 10px">Source: <em><a href="http://www.techcrunch.com/2009/12/18/anatomy-twitter-attack-2-dns-iran/" target="_blank">TechCrunch.com</a></em></span></p><p></p><p></p><p></p><p></p><p><span style="font-size: 18px"><strong>Important Part from CNN Report:</strong></span></p><p></p><p> "The group claiming responsibility for the Twitter hacking is previously unknown, but its symbols would be familiar to anyone looking at radical (Web) sites," said Octavia Nasr, CNN's senior editor for Middle East affairs.</p><p> "The hackers are definitely Shiites, as indicated by the 'Ya Hussein' chant printed on their banner," she said.</p><p></p><p>"The group also uses Arabic in their text, a clear indication of collaboration with Arabic groups. Hezbollah is a Lebanese Shiite militia with ideological, political and military ties to Iran. The same name is also used by a group inside Iran."</p><p></p><p> She added, "This week's (revelation of) successful hacking of U.S. predator drone feeds by Iranian-backed Shiite militants adds another level of sophistication toward the hacking effort."</p><p></p><p> <strong>Twitter became unwittingly involved in Iranian politics last summer.</strong></p><p> <strong>When Iran's disputed presidential election spiraled into bloody protests, the opposition used Twitter and other social networking sites to inform the world.</strong></p><p></p><p> Protesters beamed images from the violent demonstrations at a time when mainstream media were given almost no access to the demonstrations.</p><p> Twitter became so fundamental in spreading news of the protests that the U.S. State Department asked the company to delay a planned shutdown for maintenance.</p><p></p><p><span style="font-size: 10px"><em>Source: <a href="http://www.cnn.com/2009/TECH/12/18/twitter.hacked/index.html" target="_blank">Cnn.com (Tech News)</a></em></span></p><p></p><p></p><p></p><p><span style="font-size: 18px"><strong>Another Site Hacked by Iranian Cyber Army </strong></span></p><p></p><p>They seemed to have hacked another site just the same way.</p><p><a href="http://www.mowjcamp.com/" target="_blank">http://www.mowjcamp.com/</a></p><p></p><p>According to reports, this is an opposition site which opposes the Iranian President.</p><p></p><p>They have set up at a temporary site at <a href="http://www.mowjcamp.ws/" target="_blank">http://www.mowjcamp.ws/</a> and have apparently informed they cannot continue their work because of the hack attack.</p><p></p><p></p><p>------------------</p><p></p><p>If Twitter which is one of the most visited websites in the world can get its DNS rerouted so badly... Thawa wena mona kathada.. <img src="/styles/default/xenforo/smilies/default/shocked.gif" class="smilie" loading="lazy" alt=":shocked:" title="Shocked :shocked:" data-shortname=":shocked:" /></p></blockquote><p></p>
[QUOTE="R_L, post: 6142009, member: 16427"] [IMG]http://i50.tinypic.com/29777t.jpg[/IMG] The popular microblogging site Twitter was briefly shut down after a group apparently calling themselves the Iranian Cyber Army launched attack on the site. The message read: A google search on the site brought up this: [IMG]http://i49.tinypic.com/10d5y7q.jpg[/IMG] The translation from Farsi/Persian reads:[INDENT]“In the name of God, As an Iranian this is a reaction to Twitter’s interference sly which was U.S. authorities ordered in the internal affairs of my country…” [/INDENT]Technology blogs including TechCrunch said Twitter went down around 06:00 GMT for about an hour. Biz Stone [URL="http://blog.twitter.com/2009/12/dns-disruption.html"]blogged[IMG]http://i.ixnp.com/images/v6.18/t.gif[/IMG][/URL]:[INDENT]As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully. [/INDENT]Background Articles: [LIST] [*][URL="http://www.techcrunch.com/2009/12/18/twitter-dns-attack-iran/"]Twitter Hack: Part of Broader Iranian Strategy[/URL] [*][URL="http://english.aljazeera.net/news/middleeast/2009/12/20091218132325311321.html"]Al-Jazeera Article[/URL] [*][URL="http://news.google.com/news/url?sa=t&ct2=us%2F0_0_s_7_0_t&usg=AFQjCNH0gC75syjbs06PilR4e13mWsT-eg&cid=0&ei=i2IsS-D9H9aIkAX6zcD0AQ&rt=SEARCH&vm=STANDARD&url=http%3A%2F%2Fwww.reuters.com%2Farticle%2FidUSN1823149420091218%3Ftype%3DmarketsNews"]Reuters Link[/URL] [/LIST] [SIZE=5][B]How It Happened???[/B][/SIZE] [B][SIZE=5]What Happened???[/SIZE][/B] [B][URL="http://www.mediabistro.com/Rod-Rasmussen-profile.html"]Rod Rasmussen[/URL][/B], president and CTO of cyber-safety firm [URL="http://www.internetidentity.com/Home.html"]Internet Identity[/URL] and a recognized authority on DNS abuse gave his views. His company happened to be monitoring Twitter (among many other sites) last night, and has a complete record of what transpired. DNS stands for Domain Name Service, which essentially connects the IP addresses of Web sites (which are numerical) to the names seen in URLS (such as [URL="http://www.twitter.com"]www.twitter.com[/URL]). [B][U]It wasn't Twitter's infrastructure that was hacked, it was its DNS -- which ceased pointing those who typed in Twitter addresses (including help.twitter.com, blog.twitter.com, postmaster.twitter.com and many others) to the site they intended to reach, and instead sent them to one of four servers hosting the propaganda page in question[/U][/B]. "There are a couple reasons (for hackers to use) multiple IP addresses in a case like this," said Rasmussen. "First, you can change IP addresses very quickly to avoid detection, which makes it harder to shut things down. Also, because they knew they'd hit so much traffic from Twitter, it kept them from getting overloaded." The ISPs -- all four of which are located in the United States -- "look like they're all large, virtual hosting servers that have lots of Web sites on them," said Rasmussen. "There's some speculation that somebody's site got hacked into, but I'm guessing they used stolen credentials to set up an account that would service Twitter. Either way they were fairly large boxes that support many sites, and so have good bandwidth and strength to be able to handle a big hit." Rasmussen points out that no matter how much security a Web site has, DNS vulnerabilities are far easier to exploit. He points to a situation last year in which CheckFree's customers [URL="http://news.cnet.com/8301-1009_3-10113790-83.html"]were redirected to a faux site[/URL] in the Ukraine that spread malware. "It is," he said, "a soft underbelly for pretty much everybody on the Web." Internet Identity's records of what happened via which ISP are as follows:[INDENT]2009-12-17 22:01 (PST) 2009-12-18 06:01 UTC [URL="http://www.twitter.com"]www.twitter.com[/URL], twitter.com A Records pointed to 74.217.128.160 (presumably all subdomains as well given the other DNS hits) 2009-12-17 22:14 (PST) 2009-12-18 06:14:20 UTC twitter.com A Records pointed to 69.59.28.85 2009-12-17 22:24 (PST) 2009-12-17 06:24 UTC twitter.com A Records pointed to 66.147.242.88 2009-12-17 23:11 (PST) 2009-12-18 07:11 UTC A Records corrected and pointing back to allowed range for resolution (they round robin to several IPs it appears) The nameserver entries for twitter.com remained correct throughout the event (thus no evidence of take-over at the registrar). [/INDENT]How the Iranian group got Twitter's DNS password is another matter. "I'm assuming they got hold of a username and password," he said. "Twitter didn't get hacked, so there's no official data breach. . . . In a company like that, there are probably dozens of people who use dozens of passwords. Whether it was social engineered or whether it was malware taken from people's laptops is unclear. It could have been somebody's Gmail account that got compromised for all I know. But the information was still lost." [SIZE=2][I]Source: [URL="http://www.mediabistro.com/baynewser/twitter/some_technical_details_of_last_nights_iranian_twitter_hack_146587.asp"]MediaBistro.com[/URL][/I][/SIZE] [SIZE=5][B]Anatomy of Attack[/B][/SIZE] The incident last night was perpetrated by a group called the Iranian Cyber Army – and we have been told that this group is working with the Iranian government. The attack occurred at the same time as a number of other diplomatic incidents, including the escalation of diplomatic hostilities between Iran and the US/EU as well as an incursion by Iranian troops into a disputed border area containing an oil field. The defacement was carried out by hijacking the servers hosting the DNS records for the twitter.com domain (this is the server that maps the domain name to an IP address). The attackers modified the DNS records to point to an IP address with a web server hosting the defacement page. The twitter.com domain (registered with NetworkSolutions) was not hijacked, nor were its records altered. [U][B]The DNS records for Twitter are hosted at [URL="http://dyn.com/"]Dyn[/URL][/B][/U]. A company that provides DNS hosting for over 100,000 domain names and provides other services for companies. We have been told, but have yet to confirm, that the account password recovery feature was used to reset the password for the Twitter account at Dyn. When we checked the password recovery page, it contains a request to contact Dyn directly – there is no form of any type. We have not been able to confirm is there was an automated process at this page which has since been taken down. To reset the password to gain access to the account hosting DNS records, the attacker had access to the email address associated with the account. [B]Twitter hosts all email on [U]Google Apps for Domain[/U], which played a central role in the previous attack on Twitter not because of any vulnerability within the application itself, but because of a lapse in password policies which lead to a minor account being compromised, which lead to other accounts being compromised[/B]. The attackers gained access to the Twitter account at Dyn, and changed the DNS records for Twitter.com to point to an IP address that was on the anonymous Tor network. The attackers seemed to have changed all the records at Twitter.com, including sub-domains used for the API, the status page, etc. but because of varying caching levels and the fact that some clients were using a direct IP address not all services were affected immediately. For most users the main Twitter web application was displaying the defacement page for just under an hour. This type of attack is not very sophisticated, but it is extremely effective. It was not a direct vulnerability with the DNS server but rather with the accounts system and email addresses. While the Twitter application was not compromised, desktop applications and websites that directly send a users username and password back to Twitter over plain HTTP would have sent this information to the attackers IP address, from where it could easily have been harvested. The solution to similar problems revolves around the management of account passwords, especially with critical services such as DNS hosting. Further, since the status page for Twitter was hosted on the same domain as the main site, it was also inactive during the period of time that the defacement was up on the site and for a short time afterwards while Twitter responded to the attack. [SIZE=2]Source: [I][URL="http://www.techcrunch.com/2009/12/18/anatomy-twitter-attack-2-dns-iran/"]TechCrunch.com[/URL][/I][/SIZE] [SIZE=5][B]Important Part from CNN Report:[/B][/SIZE] "The group claiming responsibility for the Twitter hacking is previously unknown, but its symbols would be familiar to anyone looking at radical (Web) sites," said Octavia Nasr, CNN's senior editor for Middle East affairs. "The hackers are definitely Shiites, as indicated by the 'Ya Hussein' chant printed on their banner," she said. "The group also uses Arabic in their text, a clear indication of collaboration with Arabic groups. Hezbollah is a Lebanese Shiite militia with ideological, political and military ties to Iran. The same name is also used by a group inside Iran." She added, "This week's (revelation of) successful hacking of U.S. predator drone feeds by Iranian-backed Shiite militants adds another level of sophistication toward the hacking effort." [B]Twitter became unwittingly involved in Iranian politics last summer.[/B] [B]When Iran's disputed presidential election spiraled into bloody protests, the opposition used Twitter and other social networking sites to inform the world.[/B] Protesters beamed images from the violent demonstrations at a time when mainstream media were given almost no access to the demonstrations. Twitter became so fundamental in spreading news of the protests that the U.S. State Department asked the company to delay a planned shutdown for maintenance. [SIZE=2][I]Source: [URL="http://www.cnn.com/2009/TECH/12/18/twitter.hacked/index.html"]Cnn.com (Tech News)[/URL][/I][/SIZE] [SIZE=5][B]Another Site Hacked by Iranian Cyber Army [/B][/SIZE] They seemed to have hacked another site just the same way. [URL]http://www.mowjcamp.com/[/URL] According to reports, this is an opposition site which opposes the Iranian President. They have set up at a temporary site at [URL]http://www.mowjcamp.ws/[/URL] and have apparently informed they cannot continue their work because of the hack attack. ------------------ If Twitter which is one of the most visited websites in the world can get its DNS rerouted so badly... Thawa wena mona kathada.. :shocked: [/QUOTE]
Insert quotes…
Verification
Haya warak paha keeyada? (haya wadi kireema paha)
Post reply
Top
Bottom