Hacker group takes responsibility for DNS attack on major media sites

Share this article:

"Media is going down..." The Syrian Electronic Army (SEA) tweeted on Tuesday, as the pro-Assad hacker collective announced domains belonging to The New York Times, Huffington Post UK and Twitter were compromised. It appears the hackers were able to change registry information and modify the DNS records for the companies, according to Whois records.

Security researchers studying the attack believe it was directed at Melbourne IT, an Australian web and email hosting company that provides services for the media sites, in addition to other big-name companies such as Microsoft and Yahoo.

HD Moore, chief research officer at vulnerability management company Rapid7 and chief architect of the Metasploit framework, told SCMagazine on Tuesday that Melbourne IT is the "one common factor" that ties all of these sites together.

There are a couple of ways the attackers could have compromised Melbourne IT's servers to pull off the DNS hacks, Moore said, but it's most likely they registered their own domain with the registrar and "found a way to reset passwords or jump over and take over other accounts".

The ability to redirect the domains to any site of their choosing is just one of the things Moore said an attacker could do with these kinds of privileges, so he recommended that people "don't use [Melbourne IT] sites for a couple of hours" and await direction from officials as more information becomes available.

Christina Thiry, a spokeswoman at Twitter, emailed SCMagazine.com on Tuesday and said that the company was investigating the incident.

The company is now confirming the incident was malicious in nature, according to a statement posted online.

A New York Times spokesperson did not immediately respond to SCMagazine.com for comment, but a story posted on the Times website indicates that Melbourne IT has been affected and acknowledges that SEA is taking responsibility for the attack.

Melbourne IT is an Australia-based domain name registrar that also offers a host of services, including website design, hosting, email, cloud computing and online marketing, according to its website. Founded in 1996, the company has six locations throughout Australia, New Zealand and the US and earned more than $170 million in revenue last year. Melbourne IT's customer base consists of more than 400,000 clients.

Representatives at Melbourne IT and Huffington Post UK did not immediately respond to SCMagazine.com for comment.

Everything started coming to a head some point after 4pm EST, when users who visited the Times site saw a message that read, "Hacked by SEA". The website seemed to be back up before long, but has been experiencing sporadic downtime.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more