It was another reminder of the vulnerability of businesses that conduct all or some of their activities online.
Both the New York Times and Twitter were hacked yesterday. Or, at least, their domain names were “hacked” — i.e., hijacked for a time.
The two companies essentially had their domain names rerouted to different servers. In the case of the New York Times, it was the entire NYTimes.com web URL that was affected. In the case of Twitter, it was only the domains for the images hosted on Twitter.
A group claiming to be loyal to Syrian president Bashar al-Assad claimed responsibility in a series of messages on Twitter.
The group, calling itself the Syrian Electronic Army (SEA), also claimed to have hacked the Huffington Post, but that site does not appear to have been affected.
How The Hackers Did It: A Phishing Email
The SEA hacking attack was relatively low-tech (as such things go). It started with a phishing email.
The email enticed an employee of a reseller of Melbourne IT in Australia to give up login credentials. Melbourne IT provides online DNS services for The New York Times website, Twitter and many other clients.
Typically, a phishing email tries to get unsuspecting recipients to click on a link taking them to a fake page that may look exactly like a legitimate site. Upon logging in, the login credentials are captured.
Once the SEA had the login credentials, they were able to gain access to the DNS records for the New York Times website. They then changed the records to point to a different server. When visitors went to the NYTimes.com site, they saw a screen with an SEA insignia.
That’s because the DNS information was directing Internet traffic to go to the substituted server location for information, not to the New York Times’ Web servers. Writes The Next Web, “DNS is akin to a ‘phone book for the Internet’ and is responsible for taking you to the website that you want to visit.”
Although Melbourne IT changed the DNS information back promptly after the intrusion was discovered, the effects lingered. The reason: it can take up to 24 hours for your ISP’s caches to be cleared of information.
Almost a full day later, some people (including here at the Small Business Trends offices) were still not able to access the New York Times website. Up until nearly noon Eastern time today, New York Times Vice President of Communications, Eileen Murphy, was still responding to inquiries on Twitter from readers who said they could not access the site.
The DNS tampering also affected Twitter to a lesser degree. The SEA managed to access the DNS records for where Twitter images are hosted (although not the main Twitter servers). Twitter issued an official status update saying “Viewing of images and photos was sporadically impacted.”
2 Lessons You Can Take Away:
1 ) Train employees to spot and avoid phishing emails.
Be wary of unexpected emails that seem to come out of the blue prompting logins. Look closely at the URL for any page you are directed to. Sometimes the pages look perfect, and only the URL is a giveaway that it’s a phishing site. Make sure employees are trained to watch out.
2) Secure the Logins for Your Domain Name Accounts
Small businesses typically have their domain name registrar manage their DNS. If someone gains access to your domain name account, they may be able to tamper with where your website traffic is pointed to. While domain registrars usually require multi-step security for transferring a domain name, that may not be the case for changing DNS settings. Protect login credentials carefully.
New York Times Building Photo via Shutterstock
More in: Cybersecurity