Another day, another high-profile hack.
Twitter and the New York Times were down yesterday afternoon after they were broken into by the Syrian Electronic Army, in an attack that lasted into the early night. The attack left the NYT down and made viewing images difficult on Twitter.
The New York Times Web site is experiencing technical difficulties. We are working on fully restoring the site.— The New York Times (@nytimes) August 27, 2013
The Times website had a Syrian Electronic Army message displayed on its frontpage for a short time:
Ultimately, it appeared that the SEA gathered control of MelbourneIT, a domain name registrar. NYtimes.com, Twitter.com and TWImg.com are all registered with MelbourneIT, so the SEA were able to attack all three from one spot. "All three domains use MelbourneIT as their domain registrar," said HD Moore, a researcher at security firm, Rapid7. "Once access to the registrar is obtained, the SEA can redirect all DNS, email, and web traffic going to these sites to a server of their choosing."
Interestingly enough, AOL.com, Yahoo.com, Google.com and Microsoft.com are all registered at MelbourneIT, but were spared from the attack.
"If the attackers have found a weakness in the MelbourneIT system, these other domains may also be at risk," Moore continued.
Today, both sites are up and running. No one knows for how long.