Who Was Behind the 'Iranian Cyber Army' Twitter Attack?

Pro-regime hackers getting revenge, vandals trying to frame them, or someone else entirely?

On Thursday night, cyber attackers infiltrated Twitter and disrupted the site for over an hour. The hijacked site displayed a message from the "Iranian Cyber Army," which has been translated as follows:

Iranian Cyber Army
U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don't, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To....
Take Care.

Over the summer, Twitter played a vital role in disseminating news during Iran's violent post-election uprisings. Iranian protesters and journalists around the world used the microblog to receive real-time information from the ground, where government forces repeatedly clashed with protesters, resulting in the deaths of dozens of people. While Twitter has been compromised by cyber attackers before, this apparently political assault left commentators scratching their heads. Who could have been behind it?

  • Domain Name Hijackers, Not Information Thieves: The Register's John Leyden quashes the theory that "Twitter's servers themselves were commandeered by hackers." As he points out, that simply wasn't the case: "It now seems that Twitter's DNS [Domain Name Service] records were altered. That means surfers trying to reach the website directly via name resolution services were thrown over towards a fake domain, while the site itself and micro-blogging applications that plugged into Twitter's API - such as TweetDeck or mobile phone apps - were unaffected by the attack." Meanwhile, social media blog TechnicaVita's founder John Carnell says that Twitter and its users are actually fortunate that the attack wasn't worse: "In this instance we were VERY LUCKY the hackers were just making a point, it could have been much worse if they had set up a clone of the Twitter.com homepage and collected login information."
  • Twitter's Lax Security Shares the Blame: TechCrunch founder Michael Arrington argues that in some sense Twitter, which has a spotty record of security breaches, brought the attack upon itself. "It was hoped that with the hiring of a new COO, Dick Costolo, as well as a number of other high-level engineers, including security experts, that Twitter had grown out of the phase of being vulnerable to security incidents on such a large scale." GigaOm's namesake Om Malik voiced a similar appraisal of Twitter's unreliability: "The tragedy is that I never thought for a minute that anything was wrong, mostly because we are so used to the Fail Whale and Over Capacity messages from the service that eventually wants to be the heartbeat of the web."
  • Green Revolutionaries...Who Hate the U.S.? At the Guardian, Bobbie Johnson attempts to round up the few facts currently known about the "Cyber Army," but finds they don't quite add up: "Little is known, however, about the group who appeared to claim responsibility for hacking Twitter. But the nature of the messages they left appears somewhat confusing. Though the text left by the hackers appeared to be anti-American, they also used the image of a green flag - the colour connected to the election protesters, and to Mir-Hossein Mousavi, the main challenger to President Ahmadinejad."
  • Anti-Opposition, Pro-Establishment Hackers: Some think the anti-U.S. message left by the hackers was a genuine reflection of a backlash against the Twitter-supported protests. The BBC runs with the headline "Pro-Iranian hackers hit Twitter and Opposition Websites," citing the fact that another opposition website was also infiltrated by the same message:
"The website Mowjcamp.org is run by supporters of the reformist candidates who challenged Iranian president Mahmoud Ahmadinejad in June's elections.

Both Twitter and Mowjcamp.org became a focal point for protesters during mass opposition rallies on the streets of Tehran, and the hundreds of arrests that followed."
  • Someone Trying to Frame Iran: At CNET Asia, Iranian tech correspondent Reza Hashemi analyzes the imagery left behind by the attackers, eventually concluding it is not authentically Iranian and is simply a frame-up designed to make Iranians look bad:
No one knows anyone or any group, black hat or white hat, named as "Iranian Cyber Army" so it is a new name that is important because of the message it implies. The visitor is invited to believe that Iran has a cyber-army ready to attack to the world's Internet infrastructures! What a big lie!...

Cool! so the hacker wants us to think of Iran as a big evil to the world?...

In my opinion, this is a fake deface. It is not by Iranians and targets different from what is shown on its page. It just wants to show that Iran is pro-terrorism country.
This article is from the archive of our partner The Wire.