Melbourne IT reseller log-in used in NYT hack

By on
Melbourne IT reseller log-in used in NYT hack

Login credentials of a Melbourne IT reseller were used by the Syrian Electronic Army in attacks against news sites including the New York Times and Huffington Post.

Melbourne IT said the hackers accessed the reseller account and changed the DNS records of several domain names including those for The Times.

It said it since reverted the altered DNS records and "locked" them down against further alteration and changed the affected reseller credentials.

"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," the company said in a statement.

"We will also review additional layers of security that we can add to our reseller accounts."

The atttack saw Times readers briefly redirected to a Middle-Eastern website after the Syrian Electronic Army, which supported Syrian president, Bashar al-Assad, broke into the Melbourne IT account and changed the domain name registration records. 

WhoIs info on nytimes

"The New York Times web site was unavailable to readers Tuesday afternoon after an online attack on the company’s domain name registrar, Melbourne IT. The attack also forced employees of The Times to stop sending out sensitive e-mails," the Times reported.

"In terms of the sophistication of the attack, this is a big deal ... A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of web sites."

Frons said the attacks appeared to be carried out by the Syrian Electronic Army "or someone trying very hard to be them”. 

NYT's systems administrator David Porsche said in a post readers may have been infected with malware after being redirected to a third party site.

"We have had reports that the malicious site that our domain was redirected to was infecting users with malware. It would be a great service to the internet if everyone could please clear their cache for"

The Times said the Syrian Electronic Army was thought to have attacked web sites of The Financial Times, The Washington Post, NPR, and the Twitter accounts held by Reuters, the BBC, and A.P.

It also appeared to have altered contact information for Twitter’s domain name registry records, which has since been corrected.

The hacker group has existed since early 2011 when it began a long campaign of attacks against Western media outlets.

It said domain name registrar suspended its website for breaches of its registration agreement.

Melbourne IT said customers should take advantage of "additional registry lock features available from domain name registries including .com". Other domain names targeted on the reseller account were spared compromise because those features were activated.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia


Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


Disties and vendors are pushing their financial services. Are you biting?
Yes - to move away from banks!
Yes - to spread risk
Yes - dipping toes in the water
Not yet - but we like the look of it
No - looked at it and decided not to
No - it's just not right for us
View poll archive

Log In

Username / Email:
  |  Forgot your password?