Twitter, AOL lock down URLs in wake of New York Times hack

Posted on Thursday, 29th August 2013 @ 04:46 PM by Text Size A | A | A

Spread the love

As the New York Times tried to wrestle back control of its website, AOL Inc. and Twitter Inc. quickly locked down parts of their own slate of domain addresses. But many other major websites continued to maintain limited security Wednesday morning.

The Syrian Electronic Army hacking group claimed responsibility for a hack Tuesday that sent some visitors of to a hacker-controlled website. The hackers had secured the log-in information for a U.S. sales partner of domain name registrar Melbourne IT and then used the information to breach the company’s administrative interface. Once inside, they were able to change two strings of text that caused those trying to access the New York Times website to be redirected elsewhere.

Other companies that had their records stored with Melbourne IT, including AOL, Cisco, McAfee and Twitter, were also vulnerable, according to HD Moore, chief researcher for cybersecurity firm Rapid7.

“As details start to emerge about how the Twitter and NYT domains were modified, the practice of applying a ‘Registry Lock’ is being touted as a defense, and given as the reason why itself was not hijacked,” Moore said in a note Wednesday. “Although did have a lock in place, at the time of the attack, many large-brand domains were hosted with MelbourneIT and were not locked.”

To make changes to a locked domain, website owners must take a series of steps to authorize updates to a URL such as Had the URL been locked, the hackers would also have needed the newspaper’s log-in credentials.

“It takes longer and is more complicated to make changes,” Bruce Tonkin, chief technology officer for Melbourne IT, said in an email.

Moore, the researcher, said the following sites were among the ones that had been locked down: AOL-owned,, and; Twitter-owned,, and; and

But Moore still found several unlocked domain names. Some of the ones identified and verified by The Times included:,,,, and

Cybersecurity analysts have warned in the wake of this week’s issues that hackers with different aims than the Syrian Electronic Army could cause more damage.

The Syrian hackers redirected to a webpage that could have led viruses to be downloaded to visitors’ computers, but their website was quickly shut down by Internet service providers. The hackers said their goal was to share a message in support of the Syrian government rather than infect computers.

Meanwhile, the Syrian hackers continued to target Melbourne IT after the company blocked their initial unauthorized access.

“I presume that because we have locked the hacker out of the account they had used to hijack the media sites — they have just been looking for opportunities to have a go at us,” Melbourne IT’s Tonkin said in an email. “So they are running port scans and trying to find anything they can.”

They did find a vulnerability in “a server housed in a separate data center from our main domain name registration systems,” Tonkin said.

They exploited the security hole to hack a defunct blog that Melbourne IT had set up a while back.

Tonkin said the blog website was shut down and that the company plans to “scan any other old servers at this remote data center site (which is mainly used a disaster recovery site) for security holes.”

“We operate several thousand servers at various levels of security, and they found an old server that is not currently being used or kept up to date with security patches,” he said.

Related News On HuffPo Club

  • David Gerard is a Bitcoin Fraud

    Spread the love
    Spread the loveI am calling out so-called bitcoin expert ??? David Gerard for the fraud that he is. . All he does is trash bitcoin, trash ethereum and trash any other blockchain idea on wikipedia,…

  • Last Call to be the World Leader in Outer Space. by Daniel Bruno

    Spread the love
    Spread the loveLast Call to be World Leader First posted: 03/18/2010 at Huffpo “Where is that moon, that leads to your soul?” – Aromabar     Legend has it that Kaguya descended from a race…

  • Electoral Science: The Winner of the 2016 Election Will be a Republican

    Spread the love
    Spread the loveOriginally published at Washington’s Blog in April, 2016   by Daniel Bruno   Electoral Science: The Winner of the 2016 Election Will be a Republican I was the first person in the world…

  • Report from Rio

    Spread the love
    Spread the loveReport from Rio Daniel “No Passport” Bruno, reporting from Rio de Janeiro. Daniel is from Manhattan, is an author, inventor, specialist in 9/11 studies, and the interview host at which publishes over…

Disqus Comments

Specify a Disqus shortname at Social Comments options page in admin panel

Facebook Comments

G+ Comments

Default Comments

  • Hpub asks

    • Sorry, there are no polls available at the moment.