Twitter's own account used for hijack, says DNS provider

Hackers redirected Twitter.com's traffic to a rogue Web site last week by accessing its DNS records using an account assigned to Twitter.

That is the claim of the company that manages Twitter's DNS (Domain Name System) servers.

Twitter initially blamed the hour-long blackout of its site on changes made to the company's DNS records, which act like a telephone directory to match the twitter.com domain name with the IP addresses used by its servers.

"Twitter's DNS records were temporarily compromised, but have now been fixed," the company said on its service status page at 2:30 a.m. ET. "We are looking into the underlying cause and will update with more information soon." The status page has not been revised with more information since then.

Twitter uses a New Hampshire firm, Dyn Inc., to manage its DNS records, which match Twitter's domain name (twitter.com, and numerous others) with the IP addresses of its servers.

After the breach, Dyn denied that its infrastructure had been hacked. Last Friday, Tom Daly, Dyn's chief technology officer, told the Washington Post it appeared someone had used the proper account credentials assigned to Twitter to change Twitter's DNS records and point visitors to a different IP address.

"Someone logged in who purported to be a legitimate user of their [DNS] platform account and started making changes," Daly said. "It was not a failing on our systems whatsoever."

Kyle York, Dyn's vice president of marketing, made the same point in an interview with Computerworld. "No unauthenticated e-mail address associated with the account accessed the [Twitter] account," York maintained. "This was not an unauthorised breach of our system."

When asked whether the Twitter account had been used by someone authorised to do so, or if those account credentials had been pilfered by hackers, York declined to answer directly. "You'll have to read between the lines," he said. However, he did point to a tweet on Dyn's own Twitter feed as having the right explanation.

That tweet referenced a story on The Tech Herald, which used the clues available, including Dyn's public statements, to suggest that someone compromised a Twitter staffer's e-mail account, presumably via malware, or through a standard phishing-style identity theft attack.
