I before post ‘Twitter Hacked by Iranian Cyber Army’, but actually just Twitter DNS records was hacked. I think even twitter.com server headers and tracepath to servers simply prove this, because they are completely different normally when hacked.

Hacked twitter.com headers:


HTTP/1.1 200 OK
Date: Fri, 18 Dec 2009 06:42:08 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635
Last-Modified: Fri, 18 Dec 2009 06:21:13 GMT
ETag: "90c06a-717-47afabf13c840"
Accept-Ranges: bytes
Content-Length: 1815
Connection: close
Content-Type: text/html

Original twitter.com headers:


HTTP/1.1 200 OK
Date: Fri, 18 Dec 2009 08:25:54 GMT
Server: hi
X-Transaction: 1261124754-68110-699
Status: 200 OK
ETag: "592480ad9f6feea20711b47bc5e64dbb"
Last-Modified: Fri, 18 Dec 2009 08:25:54 GMT
X-Runtime: 0.02009
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Content-Length: 20957
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-Revision: DEV
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_q=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_page=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_status=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_in_reply_to_status_id=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_in_reply_to=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_source=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_user=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: param_id=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: dispatch_action=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToRdHJhbnNfcHJvbXB0MDoMY3NyZl9pZCIlNzVhYTY3YTZlNjMxNTky%250AMjk5NzkzNGZiMTIxNDg0ZWQ6B2lkIiVkOGE0MzJkYTFjZWQzNGUzMWM1ZThk%250AMThlMTUwN2VlOCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6%250AOkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--379506ebd11ed1403680db265ae97bf4c3768b7b; domain=.twitter.com; path=/
Vary: Accept-Encoding
Connection: close

Hacked twitter.com tracepath


tracepath http://www.twitter.com
...
7: lax009-phx007-832-cr1.phx007.internap.net (66.79.147.182) 40.415ms asymm 8
8: cr2-cr1.phx007.internap.net (66.79.147.174) 46.740ms asymm 9
9: dal005-phx007-833-cr1.dal005.internap.net (66.79.147.177) 54.298ms asymm 7
10: dal005-tor003-1160-cr1.tor003.pnap.internap.net (66.79.147.230) 86.102ms asymm 7
11: tor001-tor003-769-core1.tor001.internap.net (66.79.153.34) 98.458ms asymm 9
12: border1.te9-1-bbnet2.tor001.pnap.net (70.42.24.196) 94.665ms asymm 9
13: netfirms-1.border1.tor001.pnap.net (70.42.26.54) 104.351ms asymm 10

Working twitter.com tracepath


tracepath twitter.com
... 7: ae-2.r22.londen03.uk.bb.gin.ntt.net (129.250.2.77) 33.762ms asymm 12 8: as-0.r20.nycmny01.us.bb.gin.ntt.net (129.250.3.254) 105.484ms asymm 12 9: ae-0.r21.nycmny01.us.bb.gin.ntt.net (129.250.2.26) 105.688ms asymm 12 10: as-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.6.13) 124.634ms asymm 12 11: ae-0.r21.chcgil09.us.bb.gin.ntt.net (129.250.3.98) 122.439ms asymm 12 12: as-5.r20.snjsca04.us.bb.gin.ntt.net (129.250.3.77) 185.225ms 13: xe-1-1-0.r20.mlpsca01.us.bb.gin.ntt.net (129.250.5.61) 186.349ms asymm 14 14: mg-1.c20.mlpsca01.us.da.verio.net (129.250.28.81) 189.346ms 15: 128.241.122.101 (128.241.122.101) 189.184ms 16: 128.241.122.101 (128.241.122.101) 189.468ms !H

Similar Posts