Login credentials of a Melbourne IT reseller were used by the Syrian Electronic Army in attacks against news sites including the New York Times and Huffington Post.
Melbourne IT said the hackers accessed the reseller account and changed the DNS records of several domain names including those for The Times.
It said it since reverted the altered DNS records and "locked" them down against further alteration and changed the affected reseller credentials.
"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," the company said in a statement.
"We will also review additional layers of security that we can add to our reseller accounts."
The atttack saw Times readers briefly redirected to a Middle-Eastern website after the Syrian Electronic Army, which supported Syrian president, Bashar al-Assad, broke into the Melbourne IT account and changed the domain name registration records.
"The New York Times web site was unavailable to readers Tuesday afternoon after an online attack on the company’s domain name registrar, Melbourne IT. The attack also forced employees of The Times to stop sending out sensitive e-mails," the Times reported.
"In terms of the sophistication of the attack, this is a big deal ... A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of web sites."
Frons said the attacks appeared to be carried out by the Syrian Electronic Army "or someone trying very hard to be them”.
NYT's systems administrator David Porsche said in a post readers may have been infected with malware after being redirected to a third party site.
"We have had reports that the malicious site that our domain was redirected to was infecting users with malware. It would be a great service to the internet if everyone could please clear their cache for NYTimes.com."
The Times said the Syrian Electronic Army was thought to have attacked web sites of The Financial Times, The Washington Post, NPR, and the Twitter accounts held by Reuters, the BBC, and A.P.
It also appeared to have altered contact information for Twitter’s domain name registry records, which has since been corrected.
The hacker group has existed since early 2011 when it began a long campaign of attacks against Western media outlets.
Sorry, Our website will not be available for the next few hours, http://t.co/QIpcpKdgYp suspended our account #SEA pic.twitter.com/i1N8K8Q8vP
— SyrianElectronicArmy (@Official_SEA16) August 28, 2013
It said domain name registrar Name.com suspended its website for breaches of its registration agreement.
Melbourne IT said customers should take advantage of "additional registry lock features available from domain name registries including .com". Other domain names targeted on the reseller account were spared compromise because those features were activated.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
