Pro-Syrian hacktivist group The Syrian Electronic Army (SEA) used a phishing attack to compromise an Australian website domain registrar, and used its access to disrupt websites including the New York Times and Twitter.
Yesterday afternoon, the website of the New York Times was down for several hours. Visitors were briefly redirected to a Syrian web domain.
In an article about the hack, the newspaper reported that it had stemmed from an attack on its domain name registrar, Melbourne IT.
The article quoted the New York Times' CIO Marc Frons attributing the attack to “the Syrian Electronic Army, or someone trying very hard to be them”.
Meanwhile, the SEA's official Twitter account posted: “Hi @ Twitter, look at your domain, its owned by #SEA”. It linked to pictures of Twitter's whois lookup information, which reveals who a domain name is registered to, with the word 'SEA' replacing 'Twitter'.
In a statement on its website at 4:49pm, Twitter said one of its image servers was “sporadically impacted” as a result of the breach, affecting the viewing of images and photos for some users. The company said it had regained control within two hours and no Twitter information was affected, although users are still reporting problems.
Huffington Post UK was also a target of attacks but is yet to issue a statement on how it was affected. It was one of the sites listed in a warning posted by the SEA on Twitter that read “media is going down.”
A spokesperson for Melbourne IT told the Australian Financial Review that, following a targeted phishing attack, the username and password of an unnamed Melbourne IT reseller were used to access a reseller account on the company’s systems.
The phishing method is similar to that used in attacks by the SEA two weeks ago on content recommendation service Outbrain, which affected visitors to the Washington Post, CNN and Time.
A spoof email purporting to be from the company’s CEO harvested credentials from employees, which the hackers then used to infiltrate the site.