What might The New York Times — and to a lesser extent, Twitter — have done differently to prevent Tuesday’s hack attack that disrupted access to their sites?
The disruptions began after the Syrian Electronic Army (SEA), a group of hackers that back Syrian President Bashar al-Assad in the country’s civil war, hacked into the systems of the world’s sixth largest domain name system (DNS) registrar, Melbourne IT, and altered DNS settings for nine sites.
Twitter quickly restored service, but by Thursday afternoon, people were still reporting difficulties accessing the Times website. “If you’re still having issues, it’s likely the result of your ISP not yet restoring proper DNS records,” Times spokeswoman Eileen Murphy tweeted Wednesday.
While those cleanup efforts continue, here’s how other businesses can help themselves avoid a similar fate:
1. Beware Spear-Phishing Attacks
According to Melbourne IT chief executive Theo Hnarakis, the SEA was able to hack the affected sites’ DNS settings after launching a successful spear-phishing attack against one of Melbourne IT’s U.S. resellers, which he declined to name. The phishing attack allowed the hackers to access employees’ email, from which they retrieved log-in credentials for both the Times and Twitter DNS configuration pages.