The Twitter site experienced a DNS-based attack yesterday that redirected 80% of its traffic.
See the company's explanation here: Update on Last Night's DNS Disruption:
Domain Name System or DNS is an Internet protocol used to translate IP addresses into domain names so instead of typing in a long string of numbers we can enter urls like www.twitter.com into a browser to visit our favorite web sites. Last night, DNS settings for the Twitter web site were hijacked. From 9:46pm to 11pm PST, approximately 80% of Traffic to Twitter.com was redirected to other web sites. We tweeted, blogged, and updated our status page last night.
According to The Wall Street Journal online, the attack appeared to be connected to Iran.
During the attack, Twitter.com pulled up a Web site with a black background, a green flag and a message in Arabic script, according to two people who saw it. The message said the U.S.A. "think they controlling and managing the Internet by their access," according to several blogs that translated the text. "But They Don't, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian People."
Twitter maintains that its servers were not compromised but rather that the DNS was redirected. The incident illustrates how essential DNS is to any web site: if you can't be reached through the DNS, then you are down. The best network and firewalls in the world are irrelevant if everyone is directed to another web site.
Now imagine an even worse threat: What if the DNS redirected you from your bank or broker's site to another site that looked exactly the same? You log in and get an error message telling you "The system is down, please try again later."
Someone just captured your login information. They now have access to your account.
That type of attack is relatively easy to pull off unless your bank is using DNSSEC. But to my knowledge Brazil is the only country requiring this simple protection for banking customers.
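Because the site's own servers look healthy during a DNS redirection, the change has to be noticed from outside, by comparing what resolvers return against known-good records. The following Python is an added example, not code from Twitter or from this post; the baseline, the resolver names and every record value are constructed for illustration (documentation address ranges and .example names).

```python
# Added example: compare DNS answers from several vantage points to a pinned baseline.
# All names and addresses are constructed (RFC 5737 documentation ranges).
BASELINE = {
    "NS": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "A": {"192.0.2.10", "192.0.2.11"},
}

# Constructed observations: the record sets each resolver returned for the site.
OBSERVATIONS = [
    {"resolver": "vantage-1", "NS": {"ns1.dns-provider.example."}, "A": {"192.0.2.10"}},
    {"resolver": "vantage-2", "NS": {"ns1.rogue.example."}, "A": {"198.51.100.66"}},
    {"resolver": "vantage-3", "NS": {"ns1.rogue.example."}, "A": {"198.51.100.66"}},
    {"resolver": "vantage-4", "NS": {"ns2.dns-provider.example."}, "A": {"198.51.100.66"}},
    {"resolver": "vantage-5", "NS": set(), "A": set()},
]


def classify(obs, baseline=BASELINE):
    """Return ('ok' | 'redirected' | 'unresolvable', record types that drifted)."""
    # A record type has drifted when the answer holds any value outside the baseline.
    drifted = sorted(t for t in baseline if obs.get(t, set()) - baseline[t])
    if drifted:
        return "redirected", drifted
    if not obs.get("A"):
        return "unresolvable", []  # no address at all: the site is down for this user
    return "ok", []


def report(observations, baseline=BASELINE):
    """Summarise how many vantage points see answers outside the baseline."""
    results = {o["resolver"]: classify(o, baseline) for o in observations}
    redirected = [r for r, (state, _) in results.items() if state == "redirected"]
    return {
        "results": results,
        "redirected_fraction": len(redirected) / len(observations),
        # A changed NS set points at the delegation, not only at one address record.
        "delegation_changed": any("NS" in d for _, d in results.values()),
        "alert": bool(redirected),
    }


if __name__ == "__main__":
    summary = report(OBSERVATIONS)
    for resolver, (state, drifted) in summary["results"].items():
        print(f"{resolver}: {state} {drifted}")
    print(f"redirected: {summary['redirected_fraction']:.0%}, "
          f"delegation changed: {summary['delegation_changed']}")
```

In practice the observations would come from queries to resolvers on different networks, since cached answers mean only part of the user population sees a changed record at any moment.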