Hackers had Melbourne IT reseller credentials to attack NYT, Twitter

No sophisticated attack was required against The New York Times and Twitter: the hackers already had valid credentials that allowed them to change DNS entries.
Written by Michael Lee, Contributor

A Melbourne IT reseller account is at the heart of the investigation into how hackers managed to commandeer the DNS records of The New York Times and Twitter.

Overnight, The New York Times and Twitter revealed that their DNS entries had been maliciously modified, with the Syrian Electronic Army taking credit for the attack. Melbourne IT has now confirmed that one of its customers was targeted by the hacking group, and has taken action to undo the damage.

The hosting company told ZDNet that valid credentials were used to log in to one of its reseller accounts responsible for the affected domain names, including nytimes.com.

The credentials have been reset, affected records returned to their previous values, and the records themselves locked to prevent changes.

Melbourne IT said that registry lock features were not in use on all of the domains that the reseller was responsible for, and The New York Times' domain was among those without the feature. Those domains that did have the feature turned on were not affected.

At the moment, the company is reviewing its logs to determine whether it can identify who used the credentials, and has stated that it will work with the reseller and relevant law enforcement organisations. It will also review its security arrangements to determine whether it can add any layers of security to its reseller accounts.
