SAN FRANCISCO—A hacking attack on websites run by New York Times Co., Twitter Inc. and other companies highlights a longstanding soft spot in Internet security: The Web's version of a phone directory is controlled by outside companies.

Although large firms often spend millions to combat a growing list of cyberthreats, the keys to their Web addresses—the names that usually end in .com—often are held by one of hundreds of so-called domain-name server registration companies. As the big sites learned on Tuesday, those companies can sometimes be tricked with a piece of spam.

On Tuesday, an exploitation of the Australian registration firm Melbourne IT—believed to be by the Syrian Electronic Army, a group of hackers that supports Syrian President Bashar al-Assad—resulted in nytimes.com being inaccessible for several hours. Websites owned by Twitter and AOL Inc.'s Huffington Post, which also use Melbourne IT for registration, also experienced difficulties.

Access returned to normal by Wednesday, the companies said. And the Syrian Electronic Army announced the end of its latest hacking campaign on its Twitter account.

To create a website, companies have to register the name with one of hundreds of companies for a fee. The process assigns a particular Web address to a certain email address, physical address and owner. Consumers may be used to registration firms such as GoDaddy.com, known for its racy Super Bowl commercials; large corporations often use more specialized firms such as Melbourne IT.

One of the hackers used malicious email to gain the login-access credentials of a Melbourne IT reseller, the Australian company said early Wednesday. Using that information, it appears the hackers were able to take ownership of several Web addresses, according to security researchers. The initial breach—called a "spear phishing" attack—is one of the most common on the Internet.
So on Tuesday afternoon, when readers tried to visit nytimes.com, they were redirected to an Internet address that appeared to be in Russia, said Daniel Clemens, owner of Packet Ninjas, a cybersecurity firm with offices in Birmingham, Ala. Twitter, meanwhile, had service problems with one of its picture-hosting pages, the company said.

"You can spend all the money you want locking down your servers," said HD Moore, the chief researcher at Rapid7, another cybersecurity firm. "The registrars have become the weak spot. I was just blown away by how easy it was."

Melbourne IT said the company offered a security feature that would block changes to the domain-name information without approval from the owner. But few companies use this feature, as it can appear extraneous and create IT hassles down the road.

The New York Times and Huffington Post didn't use the feature, and neither did some websites run by Twitter, according to Mr. Moore. Networking giant Cisco Systems Inc., which wasn't targeted in Tuesday's attack, also didn't have the registry-change lock set for Cisco.com, said Mr. Moore, citing digital evidence.

The companies have now turned on the registry-lock feature.

"We see this threat developing at the registry level," said Jason Schultz, a Cisco threat-research engineer. "This is one good way to add another level of protection."

The Times and Twitter didn't respond to requests for comment.

Write to Danny Yadron at danny.yadron@wsj.com
Wednesday, 28 August 2013