The Syrian Electronic Army continues to hammer away at media organizations. This afternoon the Syrian Electronic Army appears to have compromised the registrar Melbourne IT, which hosts the domains of notable media organizations like Twitter, The New York Times, and The Huffington Post.
Just as with the ShareThis attack from last week, the Syrian Electronic Army chose to host the domains on their main IP address 141.105.64.37.
Several users reported issues with The New York Times website; however, Twitter seemed largely unaffected. Perhaps one reason for this is Twitter’s preference for using HTTPS. Once a Transport Layer Security (TLS) tunnel is established with a site, the rest of the communication with that site flows over the established, encrypted tunnel. Users already logged in would never have experienced a problem. On the other hand, the Syrian Electronic Army also took credit for the attack using Twitter, so perhaps this is why they left the nameservers for the twitter.com domain untouched.
Cisco TRAC is continuing to monitor the situation as it develops.
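The nameserver changes described above can be caught with a simple defensive check. This added example (not from the original post or from Cisco) compares observed NS records against a pinned baseline and flags A records that resolve to the IP address named in the post; the domain names, nameserver names and observations are constructed placeholders embedded inline so it runs offline.

```python
# Added example: flag delegation drift against a pinned baseline.
# All domain and nameserver names below are constructed placeholders.

KNOWN_BAD_IPS = {"141.105.64.37"}  # address named in the post

BASELINE_NS = {
    "news.example": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    "social.example": {"ns1.social-dns.example", "ns2.social-dns.example"},
}

# Constructed observations, shaped as a periodic resolver poll might return them.
OBSERVED = [
    {"domain": "news.example",
     "ns": ["ns1.rogue-host.example", "ns2.rogue-host.example"],
     "a": ["141.105.64.37"]},
    {"domain": "social.example",
     "ns": ["NS1.social-dns.example.", "ns2.social-dns.example"],
     "a": ["198.51.100.10"]},
]

def normalize(name):
    """Lower-case and drop the trailing root dot so equal names compare equal."""
    return name.rstrip(".").lower()

def check(observation, baseline=BASELINE_NS, bad_ips=KNOWN_BAD_IPS):
    """Return a list of findings for one domain observation."""
    findings = []
    domain = normalize(observation["domain"])
    expected = {normalize(n) for n in baseline.get(domain, set())}
    seen = {normalize(n) for n in observation["ns"]}
    if not expected:
        findings.append("no-baseline")  # unmonitored domain: cannot judge drift
    elif seen != expected:
        added = sorted(seen - expected)
        missing = sorted(expected - seen)
        findings.append(f"ns-drift added={added} missing={missing}")
    hits = sorted(set(observation["a"]) & bad_ips)
    if hits:
        findings.append(f"a-record-on-known-bad-ip {hits}")
    return findings

def scan(observations):
    """Map each observed domain to its list of findings (empty list means clean)."""
    return {o["domain"]: check(o) for o in observations}

if __name__ == "__main__":
    for domain, findings in scan(OBSERVED).items():
        print(domain, "OK" if not findings else findings)
```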
Good hack, just goes to show that the domain record deserves plenty of good security. All of the best security technology in the world is no good if the domain record is hijacked. These guys could have redirected the nameservers and MX records to easily redirect or attack users. It is hard to believe that this was so easy but obviously this is how targeted attacks seem to strike at the weakest point.
The twimg.com is responsible for serving images. It was still having issues when I fired up TweetDeck this morning.