Twitter Whois Record Hijacked, Syria Electronic Army Claims Responsibility

Update: This post has been updated and will be updated as situation warrants. Updates at bottom of post. The title of the post has been updated, as well.

A friend of mine pointed out the Twitter whois record. Apparently it looks like the Admin record is Sea Sea and het email address for Twitter is now something Sea@sea.sy. There is a political situation going on right now in Syria, and there is unrest there.

sea controls twitter

Does this mean that the Twitter.com whois record has been hijacked? I certainly hope not.

Take a look at the whois record, as I just got a screen capture from Domain Tools:

twitter whois

Domain Name………. twitter.com
Creation Date…….. 2000-01-22
Registration Date…. 2011-08-31
Expiry Date………. 2019-01-22
Organisation Name…. Twitter, Inc.
Organisation Address. 1355 Market Street
Organisation Address. Suite 900
Organisation Address.
Organisation Address. San Francisco
Organisation Address. 94103
Organisation Address. CA
Organisation Address. UNITED STATES

Admin Name……….. SEA SEA
Admin Address…….. 1355 Market Street
Admin Address…….. Suite 900
Admin Address……..
Admin Address. San Francisco
Admin Address…….. 94103
Admin Address…….. CA
Admin Address…….. UNITED STATES
Admin Email………. sea@sea.sy
Admin Phone………. +1.4152229670
Admin Fax………… +1.4152220922

Tech Name………… SEA SEA
Tech Address……… 1355 Market Street
Tech Address……… Suite 900
Tech Address………
Tech Address……… San Francisco
Tech Address……… 94103
Tech Address……… CA
Tech Address……… UNITED STATES
Tech Email……….. sea@sea.sy
Tech Phone……….. +1.4152229670
Tech Fax…………. +1.4152220922
Name Server………. ns3.p34.dynect.net
Name Server………. ns4.p34.dynect.net
Name Server………. ns2.p34.dynect.net
Name Server………. ns1.p34.dynect.net

Check for yourself, you can go to http://whois.domaintools.com/ and look up Twitter.com.

I checked more than one whois database, and even checked BetterWhois.com and it’s the same. Doesn’t seem right.

I don’t have access to Domain Tools’ whois history, so I cannot tell you whether or not the Twitter email address on the whois record has always been sea@sea.sy. But, if that was the email address. I would probably change it to something that’s not relying on the .sy TLD right now. But that’s just me.

Update: Apparently Syria’s Electronic Army is responsible for both NY Times and Twitter’s whosi record changes. Update over here.

Twitter.com domain record hijacked.
HuffingtonPost UK also appears to have had DNS records changed to point to the Syrian Electronic Army’s website.

Twitter has reached out to the Next Web to confirm they are”looking into” the claims

The Twimg.com domain, which is used by Twitter to host images, cookies and more also appears to have had its domain records altered according to the NextWeb.

Update: August 28, 2013: Twitter has fixed the issue and is back safely in the hands of Twitter. NY Times (nytimes.com) was also affected, and it appears from their whois record that they have fixed the issue, as well.