A group claiming to be the Syrian Electronic Army was able to take down the New York Times on Tuesday by hacking into a web site in Australia, The New York Times said in a statement.
The group gained control of the Times’ domain name registrar, Melbourne IT. A domain name registrar is a site that sells domain names and controls a domain name server (DNS). DNS is the server that sends you to a web page when you type a URL address into your browser, such as nytimes.com.
By hacking into the DNS server, the group could redirect the traffic going to nytimes.com. The Syrian Electronic Army also said it hacked Twitter. Twitter reportedly also uses Melbourne IT.
Melbourne IT is the dominant provider of domain name services in Australia, partly because it long had the monopoly on allowing the registration of .com.au site names. It claims to have more than 350,000 worldwide customers. It current CEO announced plans to step down yesterday.
Melbourne IT just provided us with this statement explaining what happened:
The credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melbourne IT’s systems.
The DNS records of several domain names on that reseller account were changed – including nytimes.com.
Once Melbourne IT was notified, we:
- changed the affected DNS records back to their previous values
- locked the affected records from any further changes at the .com domain name registry
- changed the reseller credentials so no further changes can be made
We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies.
We will also review additional layers of security that we can add to our reseller accounts.
For mission critical names we recommend that domain name owners take advantage of additional registry lock features available from domain name registries including .com – some of the domain names targeted on the reseller account had these lock features active and were thus not affected.
Moral of the story: When it comes to the Internet, it’s a small world.
The SEA claims to be loyal to Syria’s president, Bashar al-Assad, in the civil war going on in the country. The SEA has previously attacked the BBC, National Public Radio, Human Rights Watch, The Onion and the Financial Times.