Report: Security Breach Behind Twitter Outage Did Not Originate with New Hampshire DNS Provider

12/18/09

A hacker attack on the domain name system (DNS) servers that enable access to Twitter’s website disrupted service for many users late Thursday, directing them instead to a web page declaring “This site has been hacked by Iranian Cyber Army.” In the wake of the attack, which was fended off within hours, many fingers are being pointed at Twitter’s DNS provider, Manchester, NH-based Dyn Inc. But according to information obtained by Xconomy, the breach that apparently gave hackers access to the site did not occur at Dyn, and may in fact be traceable to a security hole at Twitter or at some other point of access.

The DNS is a global, distributed system that translates websites’ familiar alphanumeric names, such as www.twitter.com, into Internet Protocol addresses that can be used by Web servers and Internet routers to deliver Web pages to people who request them. Many companies, including Twitter, outsource DNS services to specialized providers such as Dyn, whose computers are especially fast at resolving URLs into IP addresses. “The DNS is critical for the Internet infrastructure,” says Phil Jacob, founder and CEO of Cambridge, MA-based product recommendation site Stylefeeder, which is also a Dyn client.

Jacob says Dyn executives filled him in today about the crisis at Twitter after he requested a briefing. From what he learned, he says, he is satisfied that the episode is not a sign of any weakness in Dyn’s security procedures.

Kyle York, vice president of sales and marketing at Dyn, said he was limited in what he could say about the incident on the record. “This was an isolated incident,” York says. “No unauthenticated user account accessed Twitter’s Dynect Platform account. Dyn Inc is working with Twitter and the authorities in an investigation on the issue.”

Reading between the lines, York’s statement would seem to suggest that Twitter’s account at Dyn was accessed by hackers who appeared to have proper authorization—perhaps meaning a pilfered password. This apparently gave the hackers the ability to implement a “redirect” that caused Twitter’s domain name to resolve, temporarily, to an incorrect Internet address (the address of the Iranian Cyber Army page).

The hackers did not have access to any …

Wade Roush is a contributing editor at Xconomy.
