Syrian Electronic Army (SEA) hackers “broke into” Melbourne IT, an Australian Internet services company that claims Twitter and the New York Times as its customers.
How the attacks happened remains a matter of speculation at this time, but apparently the attacks did originate from a breach at Melbourne IT and resulted in fake headlines and Twitter messages, as well as denial-of-service issues.
Twitter and The New York Times are among a number of well-known companies that use Melbourne IT as a domain name registrar. In turn, Melbourne IT has said that the attackers gained access to its systems using a valid user name and password, so we kind of know how it happened in one way, just not the details.
The first human casualty of the attacks seems to be Theo Hnarakis, the CEO of Melbourne IT, who said he was leaving his job today but claimed it was unrelated to the attacks. Hmmm.
The nature of the attacks seems to have surprised officials. Marc Frons, CIO for The New York Times Company, told The Guardian newspaper, “In terms of sophistication, this is a big deal. It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds, if not thousands, of websites.”
Twitter said that SEA had attacked the administrative contact information for Twitter’s domain name registry records, meaning the Whois.com listing for Twitter included the SEA as an administrative contact. However, Twitter has said it has regained control, although some users were still reporting problems.
So, a couple of questions: why are these large US corporations using an Australian IT company as a registrar? How is it that a simple login and password was used to gain access to what is essentially the main door to the vault of these companies’ online assets? Why is the SEA being such dicks?
And the US is planning to bomb the Syrians. Wow. This is going to get ugly.