Twitter and Baidu hijacked by "Iranian Cyber Army"

13/01/2010 Written by Kevin Fernandez (Siegfried)

You prob­a­bly read that story some­where last month, on Decem­ber 17 2009 Twitter’s home­page has been replaced by this mes­sage:

“Iran­ian Cyber Army

THIS SITE HAS BEEN HACKED BY IRAN­IAN CYBER ARMY

iRANiAN.​CYBER.​ARMY@​GMAIL.​COM

U.S.A. Think They Con­trol­ling And Man­ag­ing Inter­net By Their Access, But THey Don’t, We Con­trol And Man­age Inter­net By Our Power, So Do Not Try To Stim­u­la­tion Iran­ian Peo­ples To….

NOW WHICH COUN­TRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
Take Care.

They “sim­ply” hacked their reg­is­trar (dyn­dns) and mod­i­fied their DNS entries.

Yes­ter­day the Baidu home­page, China’s n°1 search engine, got defaced by the same attacker and with the same method, but this time reg​is​ter​.com was the vul­ner­a­ble registrar.

Accord­ing to AFP, the page was car­ry­ing the fol­low­ing mes­sage in persian:

“In reac­tion to the US author­i­ties’ inter­ven­tion in Iran’s inter­nal affairs. This is a warning”

Accord­ing to The Media Line, some Iran­ian gov­ern­ments web­sites have been taken down by Chi­nese hack­ers in response to the hijacking.

These attacks on reg­is­trars are noth­ing new, we pub­lished some arti­cles last year about their increase, say­ing that reg­is­trars were often the weak link of the inter­net sites secu­rity:
http://​www​.zone​-​h​.org/​n​e​w​s​/​i​d​/4708
http://​www​.zone​-​h​.org/​n​e​w​s​/​i​d​/4695

We didn’t get any of those noti­fi­ca­tions (twit­ter, baidu), in the future, if you hap­pen to see a defaced site while brows­ing, feel free to sub­mit it to us, any­body can do this and it is anony­mous (here).

Please send your twit​ter​.com and baidu​.com deface­ments screen­shots to siegfried@​zone-​h.​org, we will pub­lish them.

Here is the screen­shot of the baidu​.com deface­ment (thanks to Gary Warner).

UPDATE:

Gary Warner pub­lished 3 inter­est­ing arti­cles about the inci­dents and Iran­ian Cyber Army:

http://​gar​warner​.blogspot​.com/​2​0​0​9​/​1​2​/​w​h​o​-​i​s​-​i​r​a​n​i​a​n​-​c​y​b​e​r​-​a​r​m​y​-​t​w​i​t​t​e​r​-​d​n​s​.html Who is the “Iran­ian Cyber Army”? Twit­ter DNS Redirect

http://​gar​warner​.blogspot​.com/​2​0​1​0​/​0​1​/​i​r​a​n​i​a​n​-​c​y​b​e​r​-​a​r​m​y​-​r​e​t​u​r​n​s​-​t​a​r​g​e​t​.html Iran­ian Cyber Army returns — tar­get: Baidu​.com

http://​gar​warner​.blogspot​.com/​2​0​1​0​/​0​1​/​m​i​n​i​p​o​s​t​-​c​n​i​r​c​y​b​e​r​w​a​r​.html The Chi­nese hacker groups response to the hijacking


Share this content: