For a good chunk of Tuesday, website administrators at Twitter, The New York Times, and other high-profile media outlets appeared to be locked in a high-stakes battle with self-proclaimed Syrian hackers for control of their Internet domains. Just as quickly as twitter.co.uk, nytimes.com, and other domains were returned to their rightful owners, Internet records showed they'd be seized all over again and made to point to a Russian Web host known to cater to purveyors of drive-by malware exploits and other online nasties.
In between these dueling sides was Melbourne IT, an Australian domain registrar that managed the domain names not only for Twitter and the NYT, but also for The Huffington Post, which security researchers also said also experienced problems. Update: A spokesman for the company told The Australian Financial Review the outages were the result of a breach of its security. The login credentials of one of the company's resellers were compromised, allowing attackers to access servers and change settings that direct users to the correct servers.
One of the researchers following the clash was HD Moore, chief research officer of security firm Rapid7, who watched the struggle play out more or less in real time. At one point on Tuesday afternoon, his searches showed the official domain name servers for twitter.co.uk as being ns1.syrianelectronicarmy.com and ns2.syrianelectronicarmy.com. A half-hour later, the name servers had been changed back to the much more benign servers at a4.nstld.com, f4.nstld.com, g4.nstld.com, and l4.nstld.com.
Read 5 remaining paragraphs | Comments
     |