Twitter, NY Times in domain hijack
Free report : Avere FXT with FlashMove and FlashMirror
Cracker collective the Syrian Electronic Army – or someone using its name – has claimed responsibility for domain-hijacking Twitter.co.uk, nytimes.com and huffingtonpost.co.uk.
At the time of writing, many of the domains the SEA claimed to have hijacked were back under their owners’ control. In some cases, only the contact records for domains were altered. However, nytimes.com currently returns the SEA as its nameserver.
The New York Times has attributed an outage last Tuesday to malicious activity, and while it didn’t nominate the SEA, its workaround made it clear that a domain redirect was the problem, since it pointed readers at its IP address to get to its site.
So far, the SEA’s threat against the Huffington Post doesn’t seem to have eventuated.
Media is going down…. | http://t.co/Gd1zB70v0g | http://t.co/8NUe7Cs2jm | http://t.co/QDdNdEuuVX | http://t.co/W9nmxo95PQ
— SyrianElectronicArmy (@Official_SEA16) August 27, 2013
Twitter users are attributing the problems to registrar MelbourneIT, which is common to many of the hijacked domains. HD Moore of Metasploit Framework fame has told Mashable that “if the attackers have found a weakness in the MelbourneIT system”, then other domains would also be at risk.
The New York Times also attributes the attack to MelbourneIT:
“The New York Times Web site was unavailable to readers on Tuesday afternoon following an attack on the company’s domain name registrar, Melbourne IT. The attack also required employees of The Times to stop sending out sensitive e-mails”, it has told employees.
The Register has tried to contact MelbourneIT, so far without success. ®
Free report : Avere FXT with FlashMove and FlashMirror
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/27/twitter_ny_times_in_domain_hijack/