Syrian Electronic Army attacks Twitter with hack

Even as reports emerged of the Syrian Electronic Army (SEA) attacking The New York Times’ website, it looks like the group has trained its eyes on yet another target – Twitter. The group tweeted an image out claiming responsibility for hacking the domain name servers of two sites belonging to Twitter.

The group wrote that it had gained access to Twitter.com’s DNS servers as well as that of Huffington Post UK. Twitter on its part released a post that acknowledged issues with its DNS. “At 20:49 UTC [2:20 AM IST approx] , our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com,” it said. The issue was resolved at around 4 AM IST.

More from News & Analysis

What is the US HIRE Bill and why is India’s $250-billion IT sector worried? Is the internet dead? What's this theory that OpenAI's Sam Altman says might be true?

The DNS records found by security reporter Brian Kerbs on the micro-blogging website showed that twimg.com was redirecting users briefly to a site related to the SEA. Multiple users on Twitter also reported that the background images on their profiles were being changed to images from Syria.

The website itself had not been hacked entirely but server names for Twitter were definitely disturbed. An image posted by the SEA’s account on Twitter showed a picture of multiple Twitter domain names including twitter.co.in and laid stake to them.

TechCrunch has pointed out that server names for both Twitter and The New York Times have been registered through the registrar Melbourne IT. The company which provides domain names from Australia said in a statement, “The credentials of a Melbourne IT reseller [username and password] were used to access a reseller account on Melbourne IT’s systems. The DNS records of several domain names on that reseller account were changed – including nytimes.com.” The company said that once it was notified, it changed the affected DNS records back to previous values, locked records from further changes at the .com domain name registry and changed the reseller credentials.