Major Cyber Attack Traced to Phishing Emails
In yesterday’s post about the hacking attack against the New York Times, Twitter, Huffington Post, and many other top websites, I speculated that it could have been the result of a DNS cache poisoning exploit, but the hackers gained access to these sites’ DNS records with a much more prosaic method: they tricked people into giving up their logins and passwords.
Melbourne IT, an Australian firm that allows website owners to buy addresses such as latimes.com, said the downtime suffered by the New York Times website Tuesday began when hackers gained access to the user name and password of one of the company’s sales partners.
Using those reseller’s credentials, hackers changed the records that tell computers around the world from where to download web pages when someone types nytimes.com into an Internet browser.
[Updated, 8:27 a.m. Aug. 28: The U.S.-based sales partner’s credentials ended up in the hackers’ hands after a targeted phishing attack was directed at the firm’s staff, Melbourne IT Chief Technology Officer Bruce Tonkin said early Wednesday. Essentially, several people at the U.S. firm were duped by emails that coaxed them into giving up log-in credentials.
“We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords,” Tonkin said in an email. “We have also temporarily suspended access to affected user accounts until passwords have been changed.”]
Late Tuesday, Melbourne IT spokesman Tony Smith said the company was reviewing how to improve security.
You’d better believe they’re reviewing security procedures — this is supposed to be one of the most high-end DNS service providers on the planet. It’s a bit gob-smacking they had employees naïve enough to give away their passwords to a phishing email.