July 21st, 2015
As we strongly suspected earlier, the hackers that briefly took over the Twitter and New York Times domains yesterday didn’t use brute force or fancy hacks to get in. The LATimes reports that the Syrian Electronic Army used phishing emails to get username and password credentials for several employees Melbourne IT, the registrar for both NYTimes.com and Twitter.com. Be careful what emails you click!
Attempting visit Melbourne IT’s homepage (www.melbourneit.com.au) on Wednesday morning showed a blank white page with one line of text at the top: “Hacked by SEA, Your servers security is very weak.” This should’ve been obvious given the hacks from the day before. Apparently, Melbourne IT is the registrar for NYTimes.com and Twitter.com, and its credentials were used to change the domain settings for the two domains. So whoever was doing the hacking—and the Syrian Electronic Army is taking credit—just exploited their access a little more to pull down Melbourne IT’s site.
As with the other hacks, it doesn’t look like anybody really got hurt here. The Times and Twitter both recovered from their hacks within a few hours and there’s no reason the Australians won’t do the same. There’s also no reason to believe the Syrian Electronic Army is going to stop these little attacks, so get your popcorn.
Register for an account it’s free to participate in the discussion or share your thoughts in the Facebook.
Yup, the NYTimes and Twitter Outages Started With Simple Phishing,