‘Cyber Army’ Attacks Twitter, Iran Green Movement Site


Screen shot of www.mowjcamp.org, the English-language Web site of Iran’s Green Movement, taken at 8:22 am PT on Friday. This is the same image that appeared earlier on Twitter.

Twitter suffered a service outage Friday morning because its DNS servers were compromised by a hacker or group of hackers identifying itself as the “Iranian Cyber Army.”

The group also took over the Iranian opposition Web site mowjcamp.org, the official Web site of the Green Movement. The Green Movement’s opposition to the outcome of Iran’s presidential election earlier this year led to nationwide protests that were extensively chronicled on Twitter.

Twitter is investigating the issue, said company cofounder Biz Stone. At press time, Twitter was back up and running, but the mowjcamp.org site was not.

What Happened at Twitter?

Twitter’s records were compromised last night, but they had been fixed by the time Stone posted comments at 11:43 p.m. Pacific time on his blog.

“Twitter.com was redirected for a while, but API (application programming interface) and platform applications were working,” Stone wrote. “We will update with more information and details once we’ve investigated more fully.”

Twitter’s page was redirected to a Web page displaying a green flag with Arabic writing and the words “This Web site has been hacked by Iranian Cyber Army” at the top. “USA think they controlling and managing internet by their access, but they don’t, we control and manage internet by our power, so do not try to stimulation Iranian peoples to,” a footnote at the bottom of the hacked page read. “Now which country in embargo list? Iran? USA? We push them in embargo list.” The page ends with the words “Take care.”

The “Cyber Army’s” email address was listed on the hacked page as [email protected]

What’s This With DNS?

DNS, the Domain Name System, is a hierarchical naming system for computers, services or any resources connected to the Internet. Each participant is given a domain name that ends in a suffix, such as .com, .net, .org, .gov, etc. Behind each domain name is a numeric address; the DNS translates between those strings of numbers and names people can understand, the Web site names so familiar to us, such as Twitter.com. Consider the DNS system the phone book for the Internet.

Each domain or subdomain in the Internet has one or more DNS servers that publish information about the domain and the name servers of any domains that are subordinate to it. The right to use a domain name is allocated by domain name registrars. These registrars are accredited by the Internet Corporation for Assigned Names and Numbers (ICANN).

You can find information about the registrant of a domain name by going to the WHOIS database.

Twitter’s latest outage may have come in through its domain registrar, said Beth Jones, security analyst at Sophos. “It appears that the registrar was compromised,” she told TechNewsWorld. “The group gained unauthorized access to the account and changed the records to point to their server rather than Twitter’s server.”

Still, there’s a good side to the attack — it appears as though no information was stolen. “The good news is, the attack through the registrar means none of Twitter’s servers were touched and all accounts and passwords are safe,” Jones pointed out.

Stealing Mowjcamp’s Mojo

The other site the hackers claimed credit for attacking is Mowjcamp, a site run by opponents of the current regime in Iran.

Now, Mowjcamp’s site has apparently been rendered inaccessible. Both “mowjcamp.com” and “mowjcamp.org” display messages stating the site has been “parked courtesy of Bluehost.com” or that there is no Web site configured for the address. The site english.mowjcamp.com is currently inaccessible, though a cached version of the page is available through Google.

Et Tu, Tehran?

The attacks are likely the work of Iranian “hacktivists,” Sophos’ Jones said.

“It’s virtually certain that this attack was politically motivated rather than a typical cybercrime, as there is no apparent financial incentive,” added Randy Abrams, director of technical education at ESET.

Twitter and other online social networking technologies were prominently used by protesters during the widespread violence following the disputed reelection of Iranian President Mahmoud Ahmadinejad earlier this year, events which gave rise to the Green Movement. Could this be a case of the Iranian government taking revenge against the microblogging site? Not likely, Abrams told TechNewsWorld.

“There’s no clear value to the Iranian government to dedicating resources to hacking the Twitter site at this point in time,” he explained. “If they knew how to hack it, then it would make far more sense for them to attack when it may be more strategically advantageous to them. They may well appreciate the attack, though.”

Learning About Security

The year began with a bang for Twitter security, when President Obama’s account and the accounts of 32 other prominent users were hacked.

This was followed by a major hack in July, when a hacker going by the alias of “Hacker Croll” obtained documents from the accounts of Twitter executives, including Evan Williams, and threatened to post them on the Web.

This latest attack against Twitter points to lessons companies with their own Web sites should learn. “Monitor your DNS records and servers for unauthorized changes,” Sophos’ Jones said.
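Jones’s advice can be automated by comparing what resolvers currently return against a pinned baseline of the records the site owner expects. The sketch below is an added example, not code from Twitter, Sophos or the article; the domain, name servers and addresses are constructed placeholders.

```python
from collections import defaultdict

# Constructed baseline: the record sets the domain owner expects to see.
BASELINE = {
    ("example.com.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.com.", "A"): {"192.0.2.10", "192.0.2.11"},
}

# Constructed resolver answers in zone-file layout ("name ttl class type rdata").
OBSERVED_OK = """\
example.com.  3600 IN NS ns2.example-dns.net.
example.com.  3600 IN NS NS1.Example-DNS.net.
example.com.  300  IN A  192.0.2.10
example.com.  300  IN A  192.0.2.11
"""
OBSERVED_CHANGED = """\
example.com.  3600 IN NS ns1.unexpected-dns.test.
example.com.  3600 IN NS ns2.unexpected-dns.test.
example.com.  300  IN A  203.0.113.66
"""

def parse_answers(text):
    """Parse answer lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unparseable answer line: {line!r}")
        name, _ttl, _cls, rtype, rdata = fields
        # DNS names are case-insensitive, so normalise before comparing.
        records[(name.lower(), rtype.upper())].add(rdata.strip().lower())
    return dict(records)

def find_drift(baseline, observed):
    """Return one alert per record set that differs from the baseline."""
    alerts = []
    for key in sorted(set(baseline) | set(observed)):
        want, got = baseline.get(key, set()), observed.get(key, set())
        if want == got:
            continue
        # A changed NS set hands the whole zone to other servers, the kind of
        # change a registrar-account takeover can make, so rank it highest.
        severity = "critical" if key[1] == "NS" else "high"
        alerts.append({"name": key[0], "type": key[1], "severity": severity,
                       "added": sorted(got - want), "removed": sorted(want - got)})
    return alerts
```

In practice the observed text would come from several independent resolvers on a schedule, and any alert would page whoever owns the registrar account.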

This latest attack once again points to the dilemma Twitter faces: If it clamps down on security, it becomes less open and less able to fulfill its goal of linking everyone everywhere in real time.

“If Twitter had a better understanding of security, its service would probably be significantly less flexible,” ESET’s Abrams said.

Still, the people behind the microblogging service do seem to be learning how to walk that tightrope between security and openness, Abrams pointed out. “The lessons are coming at quite a cost, though,” he added.

2 Comments

  • For a people to reach out from Iran, it would take 2000 to 10,00 hackers or 200 hackers pushing over 1000 MBS of Ram in each system. I do of course understand the concept of BOTS, the placement of IE within the system.

    But as it is some would say that the FCC linked to the 40 Fusion Centers built by the United States Government to combat these cyber attacks and spy on the enemy. Who knows … but I can show you all this, remove it if you wish.

    I have found this FCC Movement to be upsetting, not all of it but most. The most is that somehow the ACLU and the FCC got together to place a control on Christmas.

    1.Net Neutrality: FCC Plans Internet Regulation for Christmas | The …

    Dec 17, 2010 … Red Tape Under the Tree: FCC Plans Internet Regulation for Christmas … It is reportedly based on a net neutrality plan floated a month ago in …. / Daily_Business/2010/db1209/DO… (December 17, 2010). …

    http://www.heritage.org/…/red-tape... -christmas – Cached

    Red Tape Under the Tree: FCC Plans Internet Regulation for Christmas

    Published on December 17, 2010 by James Gattuso WebMemo #3086

    I do understand that if the One wishes to be known as a god, that God must not be known. Even through force or control of the forbidden apple.

    As of right now the FCC vs. the International Boycott Of The Arabic Drug Empire. Oh, this humors you, well, remember back when WikiLeaks supporters started hacking The People instead of the Government Official, well, I AM the Outsider/ Out Sider, I AM the one who sent out the BOLO to Hackers Unite against WikiLeaks Hackers.. And you ask why does my word hold credit in the streets ? Because what I post is true and is supported by thousands of companies and a lot of good people.. I will give the FCC the same warning as I gave those hackers, you are trust/passing on our domain, and this is backed up by Law and Constitutional Law, that the Freedom Of Choice is what you have a problem with. And with in this is Freedom Of Speech.

    From my Understanding you need our Tax dollars from President Obama. Once he signs this Bill to Law it will end up in Court just like the Health Care Bill.

    Now we send out another BOLO, Bloggers Unite, and this is the Voice Of The People

    By Henry Massingale founder and director for the International Boycott Of The Arabic Drug Empire / FASC Concepts in and for Pay It Forward covers the web post on google Drop by and see why we built a anti crime / war form in a Health Care Reform Concept. To strategically Rebuild America http://www.fascmovement.mysite.com on google look for page 1 AM erican dream

    • Hello to all I lost this page for a while but I wish to show you what I have found out. You will not like it, but the three postings as one builds a link not seen…

      a byMassingale Fasc Concept Report

      Net Neutrality Has Been Named Adam

      2011 Trojan Horse Virus Alert Part 1 – 12160

      Jan 1, 2011 … 2011 Trojan Horse Virus Alert Part 1 byMassingale another FASC Concepts Companies get ready for the new area of what may become the first …

      snardfarker.ning.com/profiles/blogs/2011-trojan-horse-virus-alert –

      Net Neutrality Has been Named Adam – 12160

      Jan 29, 2011 … Adam and the FCC Part 2 Net Neutrality has been named Adam I noted something different about the Matrix Of The Net, I was doing a News …

      snardfarker.ning.com/xn/detail/2649739:BlogPost:303331

      2011 Trojan Horse Alert Part 2 – 12160

      Feb 1, 2011 … Adam is Self Aware 2011 Trojan Horse Alert Part 2 As of now I did a Internet … You see I have been reading about this, so today on 2/1/2011 I asked … Virus information – Sophos/Norman/Kaspersky/Trendmicro/Symantec . …

      – snardfarker.ning.com/profiles/blogs/2011-trojan-horse-alert-part-2Sophos
