Major Cyber Attack Traced to Phishing Emails

Insecure
Technology • Views: 23,634
Image via Shutterstock

In yesterday’s post about the hacking attack against the New York Times, Twitter, Huffington Post, and many other top websites, I speculated that it could have been the result of a DNS cache poisoning exploit, but the hackers gained access to these sites’ DNS records with a much more prosaic method: they tricked people into giving up their logins and passwords.

Melbourne IT, an Australian firm that allows website owners to buy addresses such as latimes.com, said the downtime suffered by the New York Times website Tuesday began when hackers gained access to the user name and password of one of the company’s sales partners.

Using those reseller’s credentials, hackers changed the records that tell computers around the world from where to download web pages when someone types nytimes.com into an Internet browser.

[Updated, 8:27 a.m. Aug. 28: The U.S.-based sales partner’s credentials ended up in the hackers’ hands after a targeted phishing attack was directed at the firm’s staff, Melbourne IT Chief Technology Officer Bruce Tonkin said early Wednesday. Essentially, several people at the U.S. firm were duped by emails that coaxed them into giving up log-in credentials.

“We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords,” Tonkin said in an email. “We have also temporarily suspended access to affected user accounts until passwords have been changed.”]

Late Tuesday, Melbourne IT spokesman Tony Smith said the company was reviewing how to improve security.

You’d better believe they’re reviewing security procedures — this is supposed to be one of the most high-end DNS service providers on the planet. It’s a bit gob-smacking they had employees naïve enough to give away their passwords to a phishing email.

Jump to top

Create a PageThis is the LGF Pages posting bookmarklet. To use it, drag this button to your browser's bookmark bar, and title it 'LGF Pages' (or whatever you like). Then browse to a site you want to post, select some text on the page to use for a quote, click the bookmarklet, and the Pages posting window will appear with the title, text, and any embedded video or audio files already filled in, ready to go.
Or... you can just click this button to open the Pages posting window right away.
Last updated: 2023-04-04 11:11 am PDT
LGF User's Guide RSS Feeds

Help support Little Green Footballs!

Subscribe now for ad-free access!Register and sign in to a free LGF account before subscribing, and your ad-free access will be automatically enabled.

Donate with
PayPal
Cash.app
Recent PagesClick to refresh
Why Did More Than 1,000 People Die After Police Subdued Them With Force That Isn’t Meant to Kill? An investigation led by The Associated Press has found that, over a decade, more than 1,000 people died after police subdued them through physical holds, stun guns, body blows and other force not intended to be lethal. More: Why ...
Cheechako
3 hours ago
Views: 28 • Comments: 0 • Rating: 0
A Closer Look at the Eastman State Bar DecisionTaking a few minutes away from work things to read through the Eastman decision. As I'm sure many of you know, Eastman was my law school con law professor. I knew him pretty well because I was also running in ...
KGxvi
6 hours ago
Views: 81 • Comments: 1 • Rating: 1