Major Cyber Attack Traced to Phishing Emails

Insecure
Image via Shutterstock

In yesterday’s post about the hacking attack against the New York Times, Twitter, Huffington Post, and many other top websites, I speculated that it could have been the result of a DNS cache poisoning exploit, but the hackers gained access to these sites’ DNS records with a much more prosaic method: they tricked people into giving up their logins and passwords.

Melbourne IT, an Australian firm that allows website owners to buy addresses such as latimes.com, said the downtime suffered by the New York Times website Tuesday began when hackers gained access to the user name and password of one of the company’s sales partners.

Using those reseller’s credentials, hackers changed the records that tell computers around the world from where to download web pages when someone types nytimes.com into an Internet browser.

[Updated, 8:27 a.m. Aug. 28: The U.S.-based sales partner’s credentials ended up in the hackers’ hands after a targeted phishing attack was directed at the firm’s staff, Melbourne IT Chief Technology Officer Bruce Tonkin said early Wednesday. Essentially, several people at the U.S. firm were duped by emails that coaxed them into giving up log-in credentials.

“We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords,” Tonkin said in an email. “We have also temporarily suspended access to affected user accounts until passwords have been changed.”]

Late Tuesday, Melbourne IT spokesman Tony Smith said the company was reviewing how to improve security.

You’d better believe they’re reviewing security procedures — this is supposed to be one of the most high-end DNS service providers on the planet. It’s a bit gob-smacking they had employees naïve enough to give away their passwords to a phishing email.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2016-01-01 10:29 am PST
LGF User's Guide RSS Feeds Tweet

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Square Cash Shop at amazon
as an LGF Associate!
Recent PagesClick to refresh
Breathing New Life Into a Murdered Journalist’s Work In October 2017, the Maltese blogger and investigative reporter Daphne Caruana Galizia needed to go to the bank. Her account had been blocked after a government minister filed a defamation charge against her. She left her house, got into ...
Thanos
3 days, 6 hours ago
Views: 205 • Comments: 0 • Rating: 2
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Who Is, or Was, the Greatest Martial Artist in History?I only got to the rank of 2nd degree black belt in Chinese & American Kenpo, so I am certainly no expert. I earned all my higher belts at American Karate Studios in Northeastern Ohio, and was a competitor on ...
Samuel Vargo
1 week, 4 days ago
Views: 562 • Comments: 4 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
The Way We Regulate Self-Driving Cars Is Broken—here’s How to Fix It The key issue is this: the current system is built around an assumption that cars will be purchased and owned by customers. But the pioneers of the driverless world—including Waymo, Cruise, and Uber—are not planning to sell cars to ...
Thanos
1 week, 4 days ago
Views: 617 • Comments: 0 • Rating: 1
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Android’s Trust Problem Isn’t Getting Better Android security is largely failing due to a smorgasbord of issues and lies. Published today, a two-year study of Android security updates has revealed a distressing gap between the software patches Android companies claim to have on their devices ...
Thanos
1 week, 5 days ago
Views: 892 • Comments: 3 • Rating: 2
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0
Tour of the Moon in 4K Take a virtual tour of the Moon in all-new 4K resolution, thanks to data provided by NASA's Lunar Reconnaissance Orbiter spacecraft. As the visualization moves around the near side, far side, north and south poles, we highlight interesting features, ...
Thanos
1 week, 5 days ago
Views: 875 • Comments: 0 • Rating: 2
Tweets: 0 • Share to Facebook
Shares: 0
Comments: 0
: 0
Vermont Governor Signs Sweeping Gun Control Measures Vermont Gov. Phil Scott on Wednesday signed sweeping gun control measures -- including limits on the size of magazines -- that the Legislature passed last month after contentious debate. The measures:-- Raise the minimum age for gun buyers to ...
Thanos
1 week, 6 days ago
Views: 946 • Comments: 1 • Rating: 1
Tweets: 1 • Share to Facebook
Shares: 0
Comments: 0
: 0