Last night, those trying to reach Twitter’s website were redirected to a page boasting that the microblogging service had been hacked by “the Iranian Cyber Army” according to reports. Biz Stone, one of Twitter’s founders, posted that “Twitter’s DNS records were temporarily compromised,” but has given few additional details.
There have been claims that the attack was intended as retribution for Twitter’s role in the aftermath of Iran’s controversial election, when it facilitated communication among anti-government protestors and helped draw attention from the outside world.
At the time of the unrest, there was evidence that the Iranian government took steps to manipulate the flow of Internet traffic into the country. TechCrunch says that the group of hackers involved is directly connected to the Iranian government:
We have spoken to a number of sources overnight who have told us that the Iranian Cyber Army, unlike other groups with similar national monikers, is a group name that is to be taken literally - ie. it is an Iranian government group. Little is known about how the group operates, but previous attempts to shut off Iranian citizens from Twitter and other web services demonstrate that Iran has the capability and will to use almost any means to control the flow of information on the web both within and outside of its own borders.
This seems a little bizarre to me. After all, one of the “benefits” of cyber warfare is that there’s no need for a government to incriminate itself so directly. In a story earlier this year on politically motivated cyber attacks, I wrote:
A big problem with these politically motivated attacks, according to [Jose Nazario, manager of security research for Arbor Networks], is that it’s particularly hard to pinpoint who is really responsible. While it’s easy to determine which botnet is the source of an attack, it’s far harder to determine who might be paying for the attack. This is a big worry for governments looking for redress or retaliation, he adds.
Although a denial of service attack works in a different way from the attack that Twitter experienced, I think a similar principle holds true. While there are certainly many groups or government entities who might want to punish Twitter for how it was used this summer, or to stifle continued protester activity on the site, I think it’s going to be hard to determine for certain the identity, or government links, of the attackers.