

Twitter down; hacked by "Iranian cyber army"? - seldo
http://www.techcrunch.com/2009/12/17/twitter-reportedly-hacked-by-iranian-cyber-army/

======
mahmud
My Farsi sucks (non-existent) but I can understand the text at the bottom of
the following image to mean: "This is a warning to the United States for
interfering with our internal matters".

The rest is a scripture quote ("The partisans of God shall prevail", or
literally, "Hezbollah will win" ;-) and what seems like a stanza from a
nationalist poem.

[http://1.bp.blogspot.com/_xpwq_Sv0p98/SysgktMZ9fI/AAAAAAAAAq...](http://1.bp.blogspot.com/_xpwq_Sv0p98/SysgktMZ9fI/AAAAAAAAAqs/KSoRyYO5WuM/s1600-h/Screen+shot+2009-12-18+at+2.22.23+PM.png)

~~~
gluegadget
It actually reads:

In the name of God.

I, as an Iranian, hack (deface) this website in response to the wrongdoings of
this service provider which are commanded by U.S governors.

~~~
mahmud
I am only an Arabic speaker, this is what I see

"Banam Khuda

Beh Inwan Eik Irani dur basikh dakhalat hai shatanat Aamiz ai sarwis dahunda
beh dastur maqat Amrika'i dur amur dakhili kashrum.

Aain sait beh `inwan hashadir hek ma shod"

I just parsed out whatever that seemed most Arabic-like; and that is "Amrika
dur amur dakhili" ;-)

------
tlrobinson
If it was indeed a DNS attack, Twitter is damn lucky it was just a defacement
(assuming it was just a defacement). The attackers very easily could have
phished anyone who logged in on twitter.com without https.

Even worse, any Twitter client which used Basic Auth without SSL would
silently be compromising people's passwords when they auto-refreshed.

~~~
tlrobinson
On second thought, <http://blog.twitter.com/2009/12/dns-disruption.html> says
twitter.com was redirected, yet the API still worked.

Since the API uses the twitter.com domain name, unless I'm missing something
the only way that's possible is if the API was being man-in-the-middled.

Something doesn't add up.

~~~
timdorr
Probably cached DNS. A lot of providers extend the TTL, despite what you have
it set at.
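
The caching effect described in this exchange, as an added example that is not part of the thread: a small simulation of resolvers that honour or extend a record's TTL while the authoritative answer is wrong for a while. The addresses, the TTL values and the hijack window are constructed assumptions, not data from the incident.

```python
from dataclasses import dataclass
from typing import Optional

LEGIT, ROGUE = "192.0.2.10", "203.0.113.66"  # constructed documentation addresses
AUTH_TTL = 300          # TTL published by the zone owner, seconds (assumed)
HIJACK = (1000, 4600)   # interval when the authoritative answer is wrong (assumed)
DAY = 86400

def authoritative(now: int):
    """Record served by the (possibly hijacked) authoritative side at `now`."""
    ip = ROGUE if HIJACK[0] <= now < HIJACK[1] else LEGIT
    return ip, AUTH_TTL

@dataclass
class Resolver:
    """Caching resolver; min_ttl > 0 models a provider that extends TTLs."""
    min_ttl: int = 0
    cached_ip: Optional[str] = None
    expires: int = -1

    def resolve(self, now: int) -> str:
        if now >= self.expires:                      # cache miss or expired entry
            ip, ttl = authoritative(now)
            self.cached_ip = ip
            self.expires = now + max(ttl, self.min_ttl)
        return self.cached_ip

def timeline(resolver: Resolver, first_query: int, end: int = 6000, step: int = 300):
    """Map query time -> answer for a client polling every `step` seconds."""
    return {t: resolver.resolve(t) for t in range(first_query, end, step)}

def served_rogue(answers: dict) -> list:
    """Query times at which the client was sent to the rogue address."""
    return [t for t, ip in answers.items() if ip == ROGUE]

if __name__ == "__main__":
    cases = {
        "honours TTL, first query t=900": timeline(Resolver(), 900),
        "extends TTL, cached before hijack": timeline(Resolver(min_ttl=DAY), 900),
        "extends TTL, cached during hijack": timeline(Resolver(min_ttl=DAY), 1200),
    }
    for name, answers in cases.items():
        bad = served_rogue(answers)
        span = f"{bad[0]}..{bad[-1]}" if bad else "never"
        print(f"{name}: rogue answers at t={span}")
```

The TTL-extending resolver that cached before the window never sees the rogue record, which matches clients that kept working; the one that cached during the window keeps serving it after the record is corrected.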

~~~
randallsquared
_A lot of providers extend the TTL, despite what you have it set at._

...which is very annoying when you're moving a business site. :/

~~~
jrockway
Indeed. But the user's ISP is the problem, so technically you are not to
blame.

~~~
randallsquared
Technically true, but it doesn't stop my client from being upset that their
user claims my client's site is down. :)

~~~
jrockway
Indeed. If your site is down because of the user's error, but they can still
get to your competitor's site, then that's bad for you. It might not be your
fault, but you still missed out on a potential sale.

All I can say is that I am glad I do not make money from the availability of
websites :)

~~~
randallsquared
I'm glad that I don't (directly) any more, either. :)

------
Calamitous
Because the best way to destroy the Great Satan is to _keep people from
reading about what I ate for breakfast._

~~~
ivankirigin
Comments like yours are just so tired. Not only does the stream of seemingly
trivial information accumulate into an intimate portrait of the lives of your
friends, but twitter, facebook, and other services were used to straight up
protest a sham election in a totalitarian state.

What the fuck else do you want to see twitter do before you think twice about
one line joke comments that hurt this community?

~~~
Calamitous
Really, the one-liners are a reaction to the inflated importance people assign
to a service which, to my best knowledge, doesn't even have any real plan to
make a sustainable amount of money. Would a serious cyber-terrorist _really_
choose Twitter to establish themselves as a credible threat?

I'd argue that the lampooning of such breathless awe, far from being some
malevolent outside influence which is "hurting" the community, is a part of
the community.

~~~
ivankirigin
Sorry, your comment wasn't witty or original. Sniping, contentless comments
don't belong here, and I'm surprised you're even disagreeing. It's plain to
see your comment wasn't additive.

Twitter is making many millions from their search deals. They may not be worth
a billion dollars, but I'd bet with the current business configuration, they
could become profitable if they focused on it.

What part of "we're focusing on product and growth, not on making money" is
hard to understand? Do you not believe them? Think they're actually pushing
out ad sales and content licensing as hard as they can? Or, more likely,
you're just ignorant of how their business is actually run. Ignorance is
actually a generous term - you might know they're already making money and
willfully ignore it.

I actually agree that twitter's image is inflated. But the US government was
the first to make a move here. They didn't ask facebook to try to stay up
(they didn't need to). I think this response by cyber terrorists (if it isn't
some teenager in Ohio) is rational.

It isn't what you were saying that I reacted to particularly, but how you said
it. It would be the equivalent to my just responding "you're obviously an
idiot who doesn't know anything about twitter".

~~~
Calamitous
Mmmm, delicious flamebait. Without wasting too much time, I'll just point out
that such a severe response to a throwaway joke only underscores the original
point I was making.

------
bugs
For all the money invested in twitter and all the people backing it you would
think it would have high enough security measures that this couldn't happen.

Or at the very least they would be monitoring for such intrusions and be able
to stop them quickly.

~~~
borism
Security is expensive.

How long did this last anyway?

------
waterlesscloud
The good news for Twitter is that I keep wanting to go to Twitter to get the
latest news on this hacking. They're my go-to source for breaking news.

~~~
seldo
Yeah, I have no idea how to tell my friends what's going on or find out if
they've heard anything without twitter. I've taken to randomly IMing people.

~~~
instcode
I suggest that you should let them know "Twitter got hacked" via
<http://identi.ca> next time ;-)

~~~
Veera
I came to know about Twitter hack via FriendFeed.

~~~
borism
BBC. I never go to Twitter.com, I use Tweetie.

------
andreyf
API is down, as well. Looks like this isn't just the front page/web layer.

Twitter need to really step up: I can't imagine this is something that
couldn't have been prevented by paying for some security analysis. Considering
their total $155M of funding, I'm shocked this wasn't done. Between their
continuing difficulty scaling, their private documents leak, and now this,
twitter really needs to get their act together.

~~~
spicyj
I wouldn't be surprised if Twitter intentionally disconnected their servers
after discovering the defacement, rather than the hackers having actually
gained access to the whole API layer.

~~~
seldo
Yeah, if I found my boxes had been so totally owned that they could serve
arbitrary content I'd take everything down to protect customers, at least in
the very short term.

Poor Twitter ops; I'm sure they're having a _great_ evening.

~~~
mhartl
I'm pretty sure you meant "had been so totally _pwned_ ". This is the most
serious, total pwnage I've ever seen on the tubes.

------
alex_c
Reddit comment suggesting it was a DNS hack:

[http://www.reddit.com/r/reddit.com/comments/ag0gn/twitter_ha...](http://www.reddit.com/r/reddit.com/comments/ag0gn/twitter_has_been_hacked/c0hdy0s)

~~~
tlrobinson
Official Twitter blog confirming it was a DNS hack:
[http://status.twitter.com/post/288586541/working-on-site-out...](http://status.twitter.com/post/288586541/working-on-site-outage)

Of course, if their DNS was compromised, status.twitter.com could be
compromised too...

------
seymores
Screenshots. [http://shitmores.blogspot.com/2009/12/twitter-got-hacked.htm...](http://shitmores.blogspot.com/2009/12/twitter-got-hacked.html)

~~~
drusenko
Interesting to note that the favicon is still there. If it was a DNS attack,
you would assume it wouldn't be there (unless the attackers put it on their
box, which seems not very likely).

Given that and the speed at which the service recovered, I'm going to say it
does not seem like a DNS attack.

~~~
rglullis
Couldn't the favicon be there just because it was previously cached in the
browser?

~~~
drusenko
Very possibly. But AFAIR IE is the only notoriously favicon caching browser,
the rest of them do a good job of updating it often. And the favicon is
showing up in multiple screenshots on both FF and Chrome.

~~~
riffraff
IIRC twitter images are served from S3, so probably just a different dns?

------
dimarco
I laughed when I read this article was retweeted 7 times.

------
niyazpk
I think they are up again. It is working for me at least.

------
dc2k08
mawjcamp.org is an Iranian reformist website based outside of Iran.

~~~
bilbo0s
You know, this is just a thought, but this may have nothing to do with Iran at
its root. Intellectual honesty requires me to admit that, I have absolutely no
hard data to back this up, but please hear me out.

Many people have been wondering, 'Hey, who are these DST guys that are
continuously going long on Facebook at ridiculous valuations?'

'They even let employees at places like Facebook and Zynga cash out early!'

'Gosh, Russian businessmen must be nice.'

Now if I had large sums of money that I wanted laundered, the method right up
there at the top of my list is venture capital firm investing exclusively in
overseas assets. Money is laundered via profitable exits on investments in
foreign countries. In fact, strictly speaking, the exit does not even have to
be profitable.

Unless you are greedy.

Which brings me back to Russian businessmen. Accusing anyone of anything is
not the intention here, but a word of caution to Silicon Valley is in order.
In Russia, business is a game played in somewhat less cordial a fashion. Also
keep in mind that in Russia . . . you stab with a borrowed knife.

I think we can expect many more attacks on Twitter. From hackers claiming to
be 'Chinese', 'Iranian' or 'North Korean'.

~~~
wheels
I'd put much higher odds on this being some disgruntled teen, who may or may
not be Persian and may or may not be in Iran -- you know, like 99.9% of
website defacements.

Do you really think the focus of a cyber ops campaign or anti-competitive
campaign would be ... to put a stupid message on Twitter's website? There are
no doubt cyber ops teams in foreign (and domestic, naturally) intelligence,
but they don't waste their time on shit like this.

~~~
moron4hire
Well, #iranelection was the #1 most popular news topic on Twitter in 2009,
according to their blog (<http://blog.twitter.com/search/label/2009>), so
there is an actual motive available.

~~~
metachor
Regardless of the presence of motive, the execution (i.e. juvenile website
defacement) doesn't exactly imply high-level cyber ops. And an easily fixed
DNS hijack isn't really going to "take twitter out of commission" or whatever
the purpose of this supposed cyber attack would be.

------
dhughes
I liked the "take care" part at the end.

------
nose
Hm, the twitter api wiki has a different opinion
<http://apiwiki.twitter.com/FAQ#IstheTwitterAPIdown>

"Is the Twitter API down? Not likely: Twitter hasn't had more than a couple
minutes of downtime in a while. Requests may lag from time to time, but
chances are pretty good we're not down."

------
naz
<http://search.twitter.com> is still up

------
seldo
As of 11.06pm, it's back for me.

------
ddbb
Some details in here too:

<http://blog.sucuri.net/2009/12/twitter-defacement.html>

------
white_eskimo
This will definitely be interesting to see how it unfolds. Does anyone know if
the SMS messaging infrastructure is still working? Is this just limited to the
Web interface? Is api.twitter.com still up?

I'll be watching [http://groups.google.com/group/twitter-development-talk?pli=...](http://groups.google.com/group/twitter-development-talk?pli=1)
for interesting comments

~~~
nose
All of their web APIs are down (for me).

------
RK
<http://istwitterdown.com/>

~~~
oscardelben
#fail, it says _no_ but should say _yes_

~~~
tibbon
Well, the site isn't running tests to see if the site that we think of as
twitter is up, just is something responding at that web address - which if
you're seeing the Iranian thing, then it is.

Looks like Twitter just took down the entire front page though. Going to be a
late night in California...

~~~
oscardelben
Except that when I ran the test the site was not responding, and many other
services like <http://downforeveryoneorjustme.com/> were telling me that the
website was down for everybody.

------
lucifer
If it was a DNS attack and redirect, then what was the redirected IP?

------
wendroid
Twitter search is now broken

"Older tweets are temporarily unavailable."

where older seems to be > 8 days

------
vaksel
first they hacked our drones, now they hacked twitter...is Google next?

Can you even fathom Google getting hacked.

~~~
mahmud
_first they hacked our drones, now they hacked twitter_

Who is "they"? the drones were hacked by Taliban, twitter by the Iranian Cyber
Army.

~~~
blantonl
The Drones were not "hacked" - they were listened to.

~~~
mahmud
Go ahead and descramble your cable signal, you will be charged with "hacking".
I was just going by the sensationalist label of the act given to it by law-
enforcement, media and the political "establishment".

Similar dilution of the term occurs here on a daily basis.

~~~
btilly
The drone signals were not scrambled. So it seems to me that you're diluting
the term too far.

------
novum
Can we hire the Iranian Cyber Army to hack Facebook and restore some of the
privacy controls?

------
tibbon
Google seems to think that it was someone else according to their Search:

<http://i.imgur.com/xDTET.png>

(Iranian Cyber Army -> Indian Cyber Army)

------
kwamenum86
Can we all comfortably step off of the Twitter bandwagon now that it has lost
momentum? I promise, nobody will get hurt.

~~~
sree_nair
Why do you say the Twitter Bandwagon has lost momentum?

~~~
riffraff
compete, quantcast and alexa <http://siteanalytics.compete.com/twitter.com/>
<http://www.quantcast.com/twitter.com>
<http://www.alexa.com/siteinfo/twitter.com>

but with all the new deals they got, they are probably going to restart
growing soon. And of course there are lies, damn lies and web-statistics-
selling companies.

