Australian link as Syrian hackers hit New York Times
UPDATE: Syrian hackers used Australian user name and password to hack The New York Times and Twitter.
SYRIAN hackers brought down The New York Times website and hacked Twitter today by using the username and password of a MelbourneIT reseller.
A statement by the Australian domain name registration company released this morning said the Syrian Electronic Army used the reseller's credentials to change the records of "several domain names" including nytimes.com.
The statement, released about five hours after the hack attack, did not detail how Syrian hackers obtained the reseller's login details.
A MelbourneIT spokesman said once they were made aware of the attack, they locked the affected records and changed the reseller's password.
"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," the statement said.
Many users this morning were only able to get an error message when logging on to the New York Times, and for a short time the site was pointing to a Syrian Electronic Army domain.
The SEA tweeted that the @Twitter domain was "owned by SEA" and many Twitter users reported problems.
HD Moore, chief research officer at security firm Rapid7, was among those who were first to identify the link between the SEA attack and Melbourne IT, showing that targeted websites all used the Australian company as their domain registrar.
"Once access to the registrar is obtained, the SEA can redirect all DNS, email, and web traffic going to these sites to a server of their choosing," he told Mashable.
Many prominent web sites, including AOL.com, Yahoo.com, Google.com, and Microsoft.com, are all registered with MelbourneIT.
NYTimes DNS is compromised. Pointing to Syrian Electronic Army domain. http://t.co/wfJugHQ155 pic.twitter.com/Vhf35kuQAP
— Matt Johansen (@mattjay) August 27, 2013
In a Facebook post, the Times said the outage was due to a "malicious external attack".
We will continue to publish the news. Here is our latest report on Syria: http://t.co/o3idAOaeBa
— The New York Times (@nytimes) August 27, 2013
The Syrian Electronic Army has also claimed on Twitter this morning to have hacked into the Twitter server.
Hi @Twitter, look at your domain, its owned by #SEA :) http://t.co/ZMfpo1t3oG pic.twitter.com/ck7brWtUhK
— SyrianElectronicArmy (@Official_SEA16) August 27, 2013
Security expert HD Moore identifies MelbourneIT as the common link between victims of the hacking.
@0xabad1dea @boblord @0xcharlie the http://t.co/gCYHPsKzLh domains still shows SEA in the whois, commonality is MelbourneIT as the registrar
— HD Moore (@hdmoore) August 27, 2013
DomainWire names MelbourneIT as "the weak link" in the SEA hack attack.
MelbourneIT the weak link as Twitter and NY Times domain names compromised http://t.co/SjqY1fyqAD
— DomainNameWire.com (@DomainNameWire) August 27, 2013