On Tuesday of this week, Twitter, the New York Times, Huffington Post and a raft of other websites suddenly found their traffic getting rerouted to servers in Russia and Syria. The rerouting was due to a successful hack by a group calling themselves the Syrian Electronic Army, a name that brings to mind proto-Goth synth bands of the 80’s. Service was restored to most sites quickly enough, but you may be wondering: what the hell even happened?
I’ve covered the ins and outs of DNS in the past, in the context of a particularly vicious malware attack a little over a year ago. But now seems like as good a time as any to recap, since after all, most of the media is too busy primping and preening over the importance, or lack thereof, of the New York Times to inform you.
DNS stands for Domain Name Service, and in short, it’s sort of an address book for the Internet. The pretty alphanumeric domain names we all know and love, like chocolateandtomatosauce.com, horney0ldbabes.org or rochesterhomepage.net, are not the addresses computers recognize. Computers navigate the web using numeric addresses assigned to each computer, usually written as four numbers separated by dots, like 127.0.0.1.
Someone, somewhere needs to map all those domain names to their numbers, and that’s where DNS comes in.
What happened in the case of Twitter, NYtimes.com and so forth is that the SEA hacked into the Australian company that holds the official registration of those domain names. By changing the number associated with each domain name, they ensured that anyone looking up those addresses would get the wrong answer.
Most people probably never saw any disruption at all. That’s because most ISPs keep their own cached copies of DNS records and refresh that data only periodically, so a cached copy of the correct record kept serving users until it expired. In the short term, this was always a pretty low-level threat. But the point was probably more to cause disruption and panic than to do any real damage.
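To make the caching point concrete, here is a small simulation I've added (it is not code from the original post and names no real infrastructure). It models an "address book" that an attacker rewrites for a while, plus two ISP-style resolvers: one that cached the correct record just before the change and one that first asked during the hijack. The domain name and both addresses are constructed stand-ins, and the timeline in seconds is invented for illustration.

```python
"""Toy model of registrar-side record tampering seen through caching resolvers.
Added example; the domain, addresses and timings are all constructed."""
from dataclasses import dataclass


@dataclass
class Record:
    address: str
    ttl: int  # seconds a resolver may keep this answer before asking again


class Zone:
    """Authoritative data: the 'address book' the post describes.
    Whoever controls the registration can rewrite it."""

    def __init__(self, records):
        self.records = dict(records)

    def lookup(self, name):
        return self.records[name]

    def set(self, name, address, ttl):
        self.records[name] = Record(address, ttl)


class CachingResolver:
    """An ISP-style resolver that serves a remembered answer until its TTL runs out."""

    def __init__(self, zone):
        self.zone = zone
        self.cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached is not None and now < cached[1]:
            return cached[0]  # still fresh: the upstream change is invisible
        rec = self.zone.lookup(name)  # expired or never seen: ask the zone
        self.cache[name] = (rec.address, now + rec.ttl)
        return rec.address


NAME = "example-news.test"  # constructed stand-in, not a real domain
GOOD = "192.0.2.10"         # constructed legitimate address (documentation range)
BAD = "198.51.100.66"       # constructed attacker-controlled address (documentation range)


def simulate_hijack():
    """Return what users behind two resolvers see at each step of the timeline."""
    zone = Zone({NAME: Record(GOOD, ttl=3600)})
    isp_a = CachingResolver(zone)  # looked the name up shortly before the change
    isp_b = CachingResolver(zone)  # first looks it up while the record is altered
    seen = {}
    seen["a_before"] = isp_a.resolve(NAME, now=0)
    zone.set(NAME, BAD, ttl=3600)                        # t=600: record rewritten
    seen["a_during"] = isp_a.resolve(NAME, now=600)      # cache still fresh: unaffected
    seen["b_during"] = isp_b.resolve(NAME, now=600)      # cache miss: gets the bad answer
    zone.set(NAME, GOOD, ttl=3600)                       # t=1800: record restored
    seen["a_after"] = isp_a.resolve(NAME, now=1800)
    seen["b_after"] = isp_b.resolve(NAME, now=1800)      # still serving the stale bad answer
    seen["b_expired"] = isp_b.resolve(NAME, now=600 + 3600)  # TTL expired: refreshed
    return seen


def flag_unexpected(answers, expected):
    """Monitoring check: names whose resolved address is not in the expected set.
    Comparing live answers against a known-good list is how a site owner notices
    this kind of change before users report it."""
    return sorted(name for name, addr in answers.items() if addr not in expected)


if __name__ == "__main__":
    for step, addr in simulate_hijack().items():
        print(f"{step:>10}: {addr}")
    print("flagged:", flag_unexpected({NAME: BAD}, {GOOD}))
```

Two things the timeline shows that the prose only implies: a resolver with a fresh cache never notices the tampering at all, and a resolver that happened to ask during the window keeps handing out the bad address for its whole TTL even after the record is fixed, which is why recovery lags the repair.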