Up to nine domains were impacted by the cyberattack

Aug 28, 2013 06:43 GMT

The pro-Assad hackers of the Syrian Electronic Army have breached the systems of Melbourne IT, an Australian domain registration and web hosting company. Once they had access to Melbourne IT’s systems, the hackers hijacked the domains of The New York Times, Twitter, The Huffington Post, and others.

Melbourne IT representatives have confirmed to the Australian Financial Review that their systems had been illegally accessed. It’s believed the attackers hacked a US-based reseller of the Australian Internet company.

They used the reseller’s account to change the DNS records for as many as nine domain names, including nytimes.com, twitter.com, twitter.co.uk, twimg.com and huffingtonpost.co.uk.

Rapid7’s HD Moore has told Ars Technica that the hackers had changed the domain nameservers of the impacted websites to their own, ns1.syrianelectronicarmy.com, and ns2.syrianelectronicarmy.com.

OpenDNS experts say the nameservers are known for hosting malware and phishing domains.
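A registrar-level change like this one shows up as a change in the NS set returned for the domain, so a domain owner can detect it by comparing observed NS answers against a known-good baseline. The following Python sketch is an added example, not part of the original article; the `*.example.net` baseline nameservers and the sample answers are constructed, and only the two `syrianelectronicarmy.com` nameserver names come from the text above.

```python
# Expected delegation per monitored domain. The *.example.net names are
# constructed placeholders, not the real nameservers of these domains.
BASELINE = {
    "nytimes.com": {"ns1.dns-a.example.net", "ns2.dns-a.example.net"},
    "twitter.com": {"ns1.dns-b.example.net", "ns2.dns-b.example.net"},
    "huffingtonpost.co.uk": {"ns1.dns-c.example.net"},
}

# Constructed NS answers in zone-file form (what `dig NS` prints), modelling
# the hijacked state the article describes for one domain.
OBSERVED = """\
; constructed sample
nytimes.com.  172800 IN NS ns1.syrianelectronicarmy.com.
nytimes.com.  172800 IN NS ns2.syrianelectronicarmy.com.
twitter.com.  172800 IN NS ns1.dns-b.example.net.
twitter.com.  172800 IN NS NS2.DNS-B.Example.Net.
twitter.com.  300    IN A  192.0.2.10
"""

def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_ns_records(text):
    """Return {domain: set(nameservers)} from zone-file style lines."""
    observed = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments
        if len(fields) >= 3 and fields[-2].upper() == "NS":
            observed.setdefault(normalize(fields[0]), set()).add(normalize(fields[-1]))
    return observed

def check_delegation(baseline, observed):
    """Compare observed NS sets with the baseline; a failed lookup is a finding."""
    findings = []
    for domain, expected in sorted(baseline.items()):
        seen = observed.get(domain)
        if seen is None:
            findings.append((domain, "no-data", set()))
        elif seen - expected:
            findings.append((domain, "unexpected-ns", seen - expected))
        elif expected - seen:
            findings.append((domain, "missing-ns", expected - seen))
    return findings

if __name__ == "__main__":
    for domain, kind, names in check_delegation(BASELINE, parse_ns_records(OBSERVED)):
        print(f"ALERT {domain}: {kind} {sorted(names)}")
```

A domain with no NS answer at all is reported as `no-data` rather than treated as healthy, since a monitoring gap during a hijack would otherwise hide the change.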

The attacks on The New York Times and The Huffington Post are not surprising, considering that the Syrian Electronic Army often targets media companies. As far as Twitter is concerned, the hackers have threatened the social media network for suspending their accounts.

The New York Times has confirmed that the outage was the result of an “external malicious attack.” The organization’s CIO advised all employees to be cautious when sending emails.

Melbourne IT says it’s still investigating the incident. The company is working with the US reseller to determine how the hackers gained access to a valid set of credentials.

Based on past hacks, it wouldn’t be surprising if the Syrian Electronic Army relied on cleverly designed spear-phishing emails to trick at least one of the company’s employees into handing over his/her credentials.

Currently, the DNS records have been restored and all the impacted websites appear to be working properly.

The Syrian Electronic Army has often leveraged access to the systems of third parties in order to hijack the websites and social media accounts of high-profile companies. For instance, they hijacked the New York Post’s social media accounts by hacking SocialFlow.

The attack on Outbrain allowed them to redirect the visitors of certain CNN, Time, and Washington Post articles to the Syrian Electronic Army website.