Melbourne IT compromise redirects NY Times, HuffPo readers

By on
Melbourne IT compromise redirects NY Times, HuffPo readers

Updated: Readers redirected to malicious site.

Updated: Login credentials of a Melbourne IT reseller have been used by the Syrian Electronic Army in attacks against news sites including the New York Times and Huffington Post.

Melbourne IT said the hackers accessed the reseller account and changed the DNS records of several domain names including those for The Times.

It said it since reverted the altered DNS records and "locked" them down against further alteration and changed the affected reseller credentials.

"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," the company said in a statement.

"We will also review additional layers of security that we can add to our reseller accounts."

The atttack saw Times readers briefly redirected to a Middle-Eastern website after the Syrian Electronic Army, which supported Syrian president, Bashar al-Assad, broke into the Melbourne IT account and changed the domain name registration records. 

WhoIs info on nytimes

The Times chief information officer Marc Frons said it was sent offline and journalists were forced to stop sending sensitive emails.

"The New York Times web site was unavailable to readers Tuesday afternoon after an online attack on the company’s domain name registrar, Melbourne IT. The attack also forced employees of The Times to stop sending out sensitive e-mails," the Times reported.

"In terms of the sophistication of the attack, this is a big deal ... A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of web sites."

Frons said the attacks appeared to be carried out by the Syrian Electronic Army "or someone trying very hard to be them”. 

The new outlet's systems administrator David Porsche said in a post readers may have infected with malware after being redirected to a third party site.

"We have had reports that the malicious site that our domain was redirected to was infecting users with malware.  It would be a great service to the internet if everyone could please clear their cache for"

The Times said the Syrian Electronic Army was thought to have attacked web sites of The Financial Times, The Washington Post, NPR, and the Twitter accounts held by Reuters, the BBC, and A.P.

It also appeared to have altered contact information for Twitter’s twiimg domain name registry records, which has since been corrected.

The hacker group has existed since early 2011 when it began a long campaign of attacks against Western media outlets.

It said domain name registrar suspended its website for breaches of its registration agreement.

Melbourne IT said customers should take advantage of "additional registry lock features available from domain name registries including .com". Other domain names targeted on the reseller account were spared compromise because those features were activated.

Updated with a statement from Melbourne IT.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia


Most Read Articles

Log In

  |  Forgot your password?