Graham Cluley at Sophos said in his blog: “Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than designed to steal confidential information from users.”
Cluley pointed out that although the hacker group calls itself the Iranian Cyber Army, this does not necessarily mean they are from Iran. However, he noted that Twitter was widely used by anti-government protesters in Iran earlier this year, and that Twitter delayed planned maintenance to allow Iranians to continue to share information over the service.
Part of the hacker message from the Iranian Cyber Army read: “The USA thinks they control and manage internet access, but they don’t. We control and manage the internet with our power, so do not try to the [sic] incite Iranian people.”
Cluley expressed relief, however, that ‘all’ that happened was that Twitter users were taken to a site displaying a political message: “Just imagine what could have occurred if they had pointed people to a phishing site posing as Twitter (designed to steal login names and passwords) rather than a political message?”
In a brief blog entry, Twitter’s Biz Stone said that the Twitter DNS records were compromised by an unauthorised party.
Cluley explained that this does not necessarily mean that the Twitter servers were breached by the ‘Iranian Cyber Army’, but that someone somehow managed to change the DNS look-up for twitter.com.
This, of course, raises the question of how the hackers managed to change the Twitter DNS records…