NY Times, Twitter websites compromised via a single phishing mail: Report


A day after the high-profile hacks on The New York Times’ website and Twitter by the Syrian Electronic Army (SEA), The LA Times seems to have zeroed in on a single phishing email as the cause of the disruption. It looks like a malicious mail sent to the staff of Melbourne IT, the DNS registrar for both websites, caused the hack yesterday.

The emails contained a phishing link that tricked one of Melbourne IT's resellers into entering his login credentials, which probably gave the SEA an opening into the company’s database. “We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords,” Bruce Tonkin, CTO of Melbourne IT, said in an email. “We have also temporarily suspended access to affected user accounts until passwords have been changed.”

The Australia-based company is the registrar for both Twitter and the New York Times. The hack into its systems led to the DNS of both websites being attacked by the SEA. For a while, users trying to reach nytimes.com were redirected to another website. Similarly, requests sent to various Twitter addresses were unsuccessful. Twitter acknowledged that it was facing an issue with its DNS. “At 20:49 UTC [2:20 AM IST approx], our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com,” the microblogging website said in a statement.

Melbourne IT admitted that reseller accounts it handled had been compromised and said it had taken charge of the situation and was working to control the damage. The company’s spokesperson Tony Smith said that the company was reviewing how to improve security. "We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," he said. He added that for mission-critical domain names, owners should use additional security features that may cost some money but work well since they limit changes that can be made without extra authorisation.

 
