Twitter, the popular micro-blogging network, welcomed visitors on Thursday night with a page claiming that the site had been hacked by a defacers with links to Iran.
In reality, the company's domain name had been hijacked by the vandals and visitors redirected to an unrelated site hosting the page. Passive domain-name service (DNS) records showed the DNS poisoning, as Twitter's record pointed first to two domains registered in Moldova and then to a domain registered to an undisclosed person in Pompano Beach, Florida, according to information posted by the SANS Internet Storm Center.
"Twitters DNS records were temporarily compromised but have now been fixed," the site administrators' wrote at 11:28 p.m. PT. "We are looking into the underlying cause and will update with more information soon."
The popularity of the social networking service has made it a target of hackers and a focus of security researchers this year. In August, a botnet targeted both Twitter and Facebook with a distributed denial-of-service attack. The micro-blogging service has also had to contend with the spreading of worms, the exploitation of a security vulnerability, and the use of its network as a command-and-control channel.
Thursday's defacement claimed to be done by the "Iranian Cyber Army," but another message -- translated from Farsi by Google's automated translation engine -- reportedly claimed the attack was motivated by the U.S. and Twitter's interference in "my country," suggesting the attacker was an individual.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos