Hackers had Melbourne IT reseller credentials to attack NYT, Twitter

Summary:No sophisticated attack was required to attack The New York Times and Twitter, as hackers already had valid credentials to allow them to change DNS entries.

A Melbourne IT reseller account is at the heart of the investigation into how hackers managed to commandeer the DNS records of The New York Times and Twitter.

Overnight, The New York Times and Twitter revealed that their DNS entries had been maliciously modified, with the Syrian Electronic Army taking credit for the attack. Melbourne IT has now confirmed that one of its customers was targeted by the hacking group, and has taken action to undo the damage created.

The hosting company told ZDNet that valid credentials were used to log in to one of its reseller accounts responsible for the affected domain names, including nytimes.com.

The credentials have been reset, affected records returned to their previous values, and the records themselves locked to prevent changes.

Melbourne IT said that registry lock features were not in use on all of the domains that the reseller was responsible for, including The New York Times. Those domains that did have the feature turned on were not affected.

At the moment, the company is reviewing its logs to determine whether it can uncover the identity of who used the credentials, and has stated that it will work with the reseller and relevant law enforcement organisations. It will also review its security circumstances to determine whether it can add any layers of security to its reseller accounts.

Topics: Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.