Today MelbourneIT was hacked and one of their biggest customers’ Websites went down for many hours (details are still emerging, but this is how I understand what happened so far). MelbourneIT is the domain registrar for the New York Times (Twitter was affected too). Even though MelbourneIT don’t host the Website or even the DNS for the New York Times, access to the domain registrar allowed all New York Times Web traffic to be diverted to a Website of the hackers’ choosing.
How did the hackers gain access to The New York Times?
In simple terms, the name-servers for a domain are defined at the domain registrar. For example, if you use CloudFlare, they will be your DNS host (where you change your DNS records; who hosts your name-servers), but your domain registrar is still the place where name-server (NS) records are defined.
In the MelbourneIT hack, the Syrian Electronic Army (who claimed responsibility) gained access to MelbourneIT and changed the name-servers to those of their choosing. This means that all Web and Email traffic intended for the New York Times was sent to the hackers.
Was New York Times Email hacked?
Strangely enough, I haven’t read anything about the hacking regarding the New York Times email. As the name-servers define Email routing (they serve the domain’s MX records), this means that all emails sent to the New York Times would have been sent to the Syrian Electronic Army. The security and privacy implications here are massive.
Could this hacking have been prevented?
Yes. There is a very simple way of ensuring that this won’t easily happen; ask your registrar to put in place a registrar lock (sometimes called a registry lock). This isn’t possible for all domains but this is fortunately available for .au TLDs.
A registrar lock puts in place an extra level of security and therefore reduces the risk of the kind of name-server change that happened at MelbourneIT.
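An added example, not from the original post: a check that reads a domain's RDAP record, compares the delegated name-servers with the ones you expect, and reports whether update locks are set at the registrar (client) and registry (server) level. The RDAP records, the domain and all name-server names are constructed placeholders.

```python
import json

# EPP update-lock statuses as RDAP spells them (RFC 8056).
UPDATE_LOCKS = {
    "registrar": "client update prohibited",  # set by the registrar
    "registry": "server update prohibited",   # set by the registry operator
}

def _norm(name):
    """Lower-case a host name and drop a trailing root dot."""
    return name.lower().rstrip(".")

def audit_delegation(rdap_json, expected_ns):
    """Compare an RDAP domain record against the expected delegation."""
    doc = json.loads(rdap_json)
    status = {s.lower() for s in doc.get("status", [])}
    seen = {_norm(ns["ldhName"]) for ns in doc.get("nameservers", [])
            if "ldhName" in ns}
    expected = {_norm(n) for n in expected_ns}
    return {
        "domain": _norm(doc.get("ldhName", "")),
        "unexpected_ns": sorted(seen - expected),
        "missing_ns": sorted(expected - seen),
        "locks": {who: flag in status for who, flag in UPDATE_LOCKS.items()},
        "hijack_suspected": seen != expected,
    }

# Constructed sample records; every name below is a placeholder.
EXPECTED_NS = ["ns1.dns-host.example", "ns2.dns-host.example"]
LOCKED = json.dumps({
    "objectClassName": "domain", "ldhName": "news-site.example",
    "status": ["client update prohibited", "server update prohibited"],
    "nameservers": [{"ldhName": "NS1.DNS-HOST.EXAMPLE"},
                    {"ldhName": "ns2.dns-host.example."}],
})
REDIRECTED = json.dumps({
    "objectClassName": "domain", "ldhName": "news-site.example",
    "status": ["active"],
    "nameservers": [{"ldhName": "ns1.unknown-host.example"},
                    {"ldhName": "ns2.unknown-host.example"}],
})

if __name__ == "__main__":
    for record in (LOCKED, REDIRECTED):
        print(audit_delegation(record, EXPECTED_NS))
```

Run on a schedule against the live RDAP record, a non-empty `unexpected_ns` is the signal that the delegation was changed at the registrar, while a `False` under `locks` shows that such a change is not being blocked at that level.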
Is the Syrian Electronic Army new?
The Syrian Electronic Army have been very active over the past few months and have performed a few known, but high-profile, name-server changes. They have also been involved in phishing, Twitter hacking that has caused a dip in the Dow Industrial Average, and likely other hacking/malware attacks. The Syrian Electronic Army are, obviously, good at what they do and they are sure getting a lot of attention.
An affiliate of the Syrian Electronic Army has stated that “We are just Syrian youths who want to defend their country against the media campaign that is full of lies and fabricated news reports.. Every one of us is working from his home.. and some of us are in Syria and some of us are not.”
Should you be worried about a similar attack?
No. It is unlikely that hackers would gain much from using this type of hack on low-traffic Websites (yes, even if you get almost two hundred visits a day, your Website is still low traffic). This type of attack is very effective against extremely popular Websites, but there are probably simpler ways of hacking your Webhost or Website directly than taking over your domain registrar.
Please make sure you use a high-quality domain registrar and a good Webhost, and keep your WordPress updated all the time.