Arik Hesseldahl


How the Attack on NY Times and Twitter Domains Could Have Been Worse

Fair warning: The domain-hijacking attacks carried out by the Syrian Electronic Army against the New York Times and Twitter yesterday could have been worse, according to a security expert who has studied the method of the attack.

The observation comes from H.D. Moore, chief research officer at Rapid7, a Boston-based security firm. (I interviewed its CEO Mike Tuchen last year.)

The attackers changed the registration records for NYTimes.com, Twitter.com and twimg.com (another Twitter-controlled domain) at the registrar. Those records tell the Internet's domain name system which name servers answer for a domain, so whoever controls them controls where the domain's traffic goes. As they explained in a series of messages on Twitter this morning, the attackers essentially tried to send Web users who were attempting to reach the Times and Twitter to the wrong place.

What they did was break into the systems of the company that had registered the domain names. That company is Australia-based Melbourne IT, and it turns out that it is a widely used domain registrar.

Moore said that several well-known companies that had also registered their domain names through Melbourne IT had, at the time of the attack, left their domains "unlocked": they had not enabled the registrar lock, an account feature that prevents a domain's settings, including its name servers, from being changed until the lock is removed.

“Although Twitter did have a lock in place, at the time of the attack, many large-brand domains were hosted with Melbourne IT and were not locked,” Moore said in an email to AllThingsD. “There is no evidence that the attackers made changes to these domains, but these were potentially vulnerable at the time the attack took place. In other words, things could have been much worse.”

Among the domains hosted by Melbourne IT that were unlocked, and thus exposed to the same kind of attack, were those of a few household corporate names: Software company Adobe, networking giant Cisco Systems, Web company AOL and book retailer Barnes & Noble, as well as popular sites like Engadget, the Huffington Post and coffee concern Starbucks.
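The two things this incident turned on, whether a domain carries the registrar lock and whether its name-server delegation still matches what the owner expects, can both be read out of a registrar's WHOIS record. The script below is an added example, not code from the article or from Rapid7: it parses WHOIS-style text for the EPP lock status codes (clientTransferProhibited, clientUpdateProhibited) and the listed name servers, then compares them against an expected baseline. The WHOIS responses, domain names and name servers in it are constructed for illustration.

```python
"""Flag domains that are missing the registrar lock or whose name-server
delegation has changed, from WHOIS-style records.

Added example; the records below are constructed, not real lookups.
"""

# EPP status codes set when the owner enables the registrar lock.
# clientUpdateProhibited blocks changes to name servers and contacts
# (the change made in the Melbourne IT incident);
# clientTransferProhibited blocks moving the domain to another registrar.
LOCK_STATUSES = {"clientTransferProhibited", "clientUpdateProhibited"}


def parse_whois(text):
    """Return {'status': set of EPP codes, 'nameservers': [hosts]} from WHOIS text."""
    statuses = set()
    nameservers = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        value = value.strip()
        # Registrars print either "Domain Status:" or "Status:", and the
        # value may carry a trailing ICANN URL; the code is the first token.
        if key in ("domain status", "status") and value:
            statuses.add(value.split()[0])
        elif key == "name server" and value:
            nameservers.append(value.lower().rstrip("."))
    return {"status": statuses, "nameservers": nameservers}


def assess(record, expected_ns):
    """Return a list of findings; an empty list means locked and unchanged."""
    findings = []
    missing = LOCK_STATUSES - record["status"]
    if missing:
        findings.append("unlocked: missing " + ", ".join(sorted(missing)))
    observed = set(record["nameservers"])
    expected = {ns.lower().rstrip(".") for ns in expected_ns}
    if observed != expected:
        findings.append(
            f"delegation changed: expected {sorted(expected)}, got {sorted(observed)}"
        )
    return findings


# Constructed WHOIS responses (assumed format and hostnames).
LOCKED = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""

UNLOCKED = """\
Domain Name: EXAMPLE.NET
Registrar: Example Registrar, Inc.
Status: ok
Name Server: ns1.example.net
Name Server: ns2.example.net
"""

# Unlocked and already re-delegated: the shape of a registrar-level hijack.
HIJACKED = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Status: ok
Name Server: ns1.attacker-controlled.example
Name Server: ns2.attacker-controlled.example
"""

EXPECTED_NS = {
    "example.com": ["ns1.example.com", "ns2.example.com"],
    "example.net": ["ns1.example.net", "ns2.example.net"],
    "example.org": ["ns1.example.org", "ns2.example.org"],
}


def check_all(records):
    """records: {domain: whois_text}. Returns {domain: findings}."""
    return {d: assess(parse_whois(t), EXPECTED_NS[d]) for d, t in records.items()}


if __name__ == "__main__":
    results = check_all({"example.com": LOCKED,
                         "example.net": UNLOCKED,
                         "example.org": HIJACKED})
    for domain, findings in results.items():
        print(domain, "OK" if not findings else "; ".join(findings))
```

In practice the text comes from `whois <domain>` or the registrar's RDAP endpoint, run on a schedule against every domain the organisation owns; the lock check says whether the registrar will refuse a change, and the delegation check catches the case where a change has already gone through.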

Here’s the extended list:

a8.net
aa.com
acrobat.com
adobe.com
adultadworld.com
angelfire.com
antena3.com
anz.com
aol.co.uk
aol.com
autoblog.com
bancomer.com.mx
barnesandnoble.com
bbandt.com
bigresource.com
billdesk.com
brainyquote.com
canon.com
cdiscount.com
chron.com
cibc.com
cisco.com
cosmopolitan.com
crunchbase.com
dailyfinance.com
directv.com
discover.com
discovercard.com
discovery.com
earthlink.net
engadget.com
euronews.com
funshion.com
gettyimages.com
givemesport.com
hightail.com
hinet.net
hm.com
howstuffworks.com
hsn.com
huffingtonpost.ca
huffingtonpost.co.uk
huffingtonpost.com
hyatt.com
ibm.com
icq.com
ikea.com
inmotionhosting.com
istockphoto.com
jalan.net
jetstar.com
joystiq.com
lego.com
lufthansa.com
lycos.com
mail.com
mapquest.com
mcafee.com
mediatakeout.com
moneysavingexpert.com
monster.com
monsterindia.com
moviefone.com
neimanmarcus.com
norton.com
patch.com
prnewswire.com
redbubble.com
rikunabi.com
royalmail.com
sfgate.com
siteadvisor.com
sonymobile.com
standardchartered.com
starbucks.com
symantec.com
t.co
techcrunch.com
tom.com
toshiba.com
tradedoubler.com
tripod.com
tweetdeck.com
twimg.com
univision.com
victoriassecret.com
vine.co
vmware.com
watchtower.com
whois.net
xero.com
