Twitter hijacked by 'Iranian Cyber Army'

The microblogging site appeared defaced by a group that identified itself as the "Iranian Cyber Army" before the site went down.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Updated at 11:15 p.m. PST to include comment from witness and reflect Twitter.com accessible again.
Updated at 11:50 p.m. PST with status update from Twitter.

Twitter.com was down Thursday evening, and it appears that the microblogging site may have been hacked or the victim of a DNS hijacking.

The site, which was inaccessible for about an hour starting around 10 p.m. PST, was defaced with the following image before it was taken offline:

Twitter's home page before it went offline Thursday evening. CC u07ch/Flickr

The message at the bottom of the image appears to be written in Perso-Arabic script and when translated to English it read:

Iranian Cyber Army



U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don't, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To....



Take Care.

Twitter's status blog was also inaccessible. CNET has inquiries out to Twitter and we will let you know more when we hear back.

Chris Hoare, a Flickr user in Leicester, England, captured the screenshot above and said his attempt to connect to Twitter bounced through a second Web-hosting server before the image was displayed but that he couldn't catch the address.

"The HTML was pretty basic, and everything that it showed was local on the server it was being sent from," Hoare told CNET News.

A Twitter update message posted at 11:28 p.m. said the site was "working to recovery from an unplanned downtime" and indicated that the incident was indeed a hijacking of Twitter's DNS records:

Twitter's DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon.

Security has been a thorny issue for Twitter in the past. In January, a hacker hijacked CNN anchor Rick Sanchez's feed and proclaimed the journalist was "high on crack." Twitter users have also been the target of a password-stealing phishing scam. Disguising itself as a private message that led to a fake Twitter log-in screen, the scam was widespread enough for Twitter to put a warning message on all members' home pages alerting them of the issue.

Certainly, there is a contentious history between Twitter and Iran. In the wake of supposed results of that nation's presidential election in June, protesters in Iran used Twitter to skirt government filters to report events, express outrage, and get people out to opposition rallies. Twitter even rescheduled some planned downtime in order to stay accessible for Iranian users in the midst of political upheaval at the request of the U.S. Department of State.