Report: Security Breach Behind Twitter Outage Did Not Originate with New Hampshire DNS Provider

A hacker attack on the domain name system (DNS) servers that enable access to Twitter’s website disrupted service for many users late Thursday, directing them instead to a web page declaring “This site has been hacked by Iranian Cyber Army.” In the wake of the attack, which was fended off within hours, many fingers are being pointed at Twitter’s DNS provider, Manchester, NH-based Dyn Inc. But according to information obtained by Xconomy, the breach that apparently gave hackers access to the site did not occur at Dyn, and may in fact be traceable to a security hole at Twitter or at some other point of access.

The DNS is a global, distributed system that translates websites’ familiar alphanumeric names, such as www.twitter.com, into Internet Protocol addresses that can be used by Web servers and Internet routers to deliver Web pages to people who request them. Many companies, including Twitter, outsource DNS services to specialized providers such as Dyn, whose computers are especially fast at resolving URLs into IP addresses. “The DNS is critical for the Internet infrastructure,” says Phil Jacob, founder and CEO of Cambridge, MA-based product recommendation site Stylefeeder, which is also a Dyn client.

Jacob says Dyn executives filled him in today about the crisis at Twitter after he requested a briefing. From what he learned, he says, he is satisfied that the episode is not a sign of any weakness in Dyn’s security procedures.

Kyle York, vice president of sales and marketing at Dyn, said he was limited in what he could say about the incident on the record. “This was an isolated incident,” York says. “No unauthenticated user account accessed Twitter’s Dynect Platform account. Dyn Inc is working with Twitter and the authorities in an investigation on the issue.”

Reading between the lines, York’s statement would seem to suggest that Twitter’s account at Dyn was accessed by hackers who appeared to have proper authorization—perhaps meaning a pilfered password. This apparently gave the hackers the ability to implement a “redirect” that caused Twitter’s domain name to resolve, temporarily, to an incorrect Internet address (the address of the Iranian Cyber Army page).

The hackers did not have access to any

Author: Wade Roush
