Hackers take down Melbourne IT site, following Twitter, New York Times attack

The hackers who commandeered Melbourne IT reseller credentials to change Twitter and The New York Times' DNS records, also took down the blog of the hosting company.

(Screenshot: ZDNet)

The Syrian Electronic Army, credited with attacking Twitter and The New York Times on Tuesday, has hacked and defaced the blog of a Melbourne, Australia-based hosting company at the heart of the incidents.

Read this

Hackers had Melbourne IT reseller credentials to attack NYT, Twitter

No sophisticated attack was required to attack The New York Times and Twitter, as hackers already had valid credentials to allow them to change DNS entries.

Read More

Both companies suffered downtime on Tuesday afternoon after suffering an issue with its DNS provider, which led to the modification of DNS records for both the microblogging site and the New York-based newspaper giant. 

Twitter said, "no user information was affected by this incident," while the Times confirmed that it suffered an outage "following an attack on the company’s domain name registrar, Melbourne IT."

Speaking to ZDNet, the hosting company confirmed that the thought-to-be sophisticated attack turned out to be relatively simple. Melbourne IT confirmed that valid reseller credentials were used to log in and change records associated with the domain names nytimes.com and twitter.com.

According to ZDNet's Michael Lee , the credentials were reset and affected records returned to their previous values. Affected records, which did not have a "lock" feature enabled at the time, have now been locked to prevent any further changes.

But now Melbourne IT has suffered an additional breach, specifically targeting the hosting company's blog.

In a tweet sent out at 9:09 a.m. ET on Wednesday, an account linked to the Syrian Electronic Army said: 

It's understood that the Syrian Electronic Army were able to exploit a weakness in an older version of WordPress version running on the site. 

The company's main site, however, remains up and working.

We attempted to contact Melbourne IT by phone, but the company did not respond outside Australian business hours.