Report: Security Breach Behind Twitter Outage Did Not Originate with New Hampshire DNS Provider

12/18/09Follow @wroush

A hacker attack on the domain name system (DNS) servers that enable access to Twitter’s website disrupted service for many users late Thursday, directing them instead to a web page declaring “This site has been hacked by Iranian Cyber Army.” In the wake of the attack, which was fended off within hours, many fingers are being pointed at Twitter’s DNS provider, Manchester, NH-based Dyn Inc. But according to information obtained by Xconomy, the breach that apparently gave hackers access to the site did not occur at Dyn, and may in fact be traceable to a security hole at Twitter or at some other point of access.

The DNS is a global, distributed system that translates websites’ familiar alphanumeric names, such as www.twitter.com, into Internet Protocol addresses that can be used by Web servers and Internet routers to deliver Web pages to people who request them. Many companies, including Twitter, outsource DNS services to specialized providers such as Dyn, whose computers are especially fast at resolving URLs into IP addresses. “The DNS is critical for the Internet infrastructure,” says Phil Jacob, founder and CEO of Cambridge, MA-based product recommendation site Stylefeeder, which is also a Dyn client.

Jacob says Dyn executives filled him in today about the crisis at Twitter after he requested a briefing. From what he learned, he says, he is satisfied that the episode is not a sign of any weakness in Dyn’s security procedures.

Kyle York, vice president of sales and marketing at Dyn, said he was limited in what he could say about the incident on the record. “This was an isolated incident,” York says. “No unauthenticated user account accessed Twitter’s Dynect Platform account. Dyn Inc is working with Twitter and the authories in an investigation on the issue.”

Reading between the lines, York’s statement would seem to suggest that Twitter’s account at Dyn was accessed by hackers who appeared to have proper authorization—perhaps meaning a pilfered password. This apparently gave the hackers the ability to implement a “redirect” that caused Twitter’s domain name to resolve, temporarily, to an incorrect Internet address (the address of the Iranian Cyber Army page).

The hackers did not have access to any other account, York said. “At no time was DNS not resolving on the global network. This was an isolated incident just to Twitter, not a problem that affected any other Dyn users.”

Stylefeeder’s Jacob said he wasn’t satisfied after reading media accounts of the outage this morning. “I saw this news this morning, and I was like,’Whoa, what’s up with that?,’ because Stylefeeder uses Dynect [Dyn’s DNS platform] and obviously, since this is the holiday shopping season, something like that happening to us would not be favorable,” Jacob says. “I immediately contacted [Dyn], and they provided me with extra information that is not publicly available, because I am a Dynect customer. And without violating other clients’ confidentiality, they gave me some extra insight into what occurred, which to my mind, put to rest that the problem lay not with Dynect but elsewhere—but not necessarily with Twitter.”

“I don’t think that this story is being well told,” Jacob continues. “The press today is basically saying that Twitter had a DNS problem, and here is their DNS provider, so it’s their fault. And that is not actually the case.”

Jacob said he has no information about the exact chain of events that led to the compromise. But he suggested that it might be the result of lax security standards at Twitter, perhaps a holdover from the young company’s early days as a startup undergoing rapid growth.

“While I understand that it’s hard for a growing organization to make sure their systems are secured properly, I think that Twitter is at the point now of being a top-10 website, where they ought to be able to avoid problems like this, especially given the resources they have,” Jacob said.

At the same time, he said, “I would feel strongly about noting that the people who are running Twitter now are very capable, and this is unfortunately just one of those holes that they probably didn’t yet get around to fixing.”

A spokesperson for Twitter didn’t immediately respond to a request for comment.

Wade Roush is a contributing editor at Xconomy. Follow @wroush

By posting a comment, you agree to our terms and conditions.