Companies in a rush to lock web domains after hacking of NYT

Many companies have dodged a huge bullet: they could have suffered the same fate as Twitter, the Huffington Post and the New York Times, whose domains were interfered with this week by the Syrian Electronic Army (SEA). Most of the companies took action within 16 hours of the breaking news about the latest attempt by the Syrian Electronic Army to bring down their website domains, which are routed through Melbourne IT, according to HD Moore, the chief research officer at Rapid7.

The companies rushing to lock their website domains include Cisco Systems, Adobe Systems, Cosmopolitan, Barnes & Noble, Ikea, VMware, Engadget, TechCrunch, Hyatt, Lufthansa, IBM, McAfee, Starbucks, Neiman Marcus, Victoria’s Secret and Toshiba. Bruce Tonkin, Melbourne IT’s chief technology officer, says that the Syrian Electronic Army used simple email phishing to steal the user name and password of an account used by one of Melbourne IT’s distributors. Using that account, the hackers were able to gain access to and alter the Domain Name System records for Twitter, the Huffington Post and the New York Times. This interrupted the New York Times’ website for almost 20 hours.

Speaking to CyberTruth, Moore said that during the hack many other domains hosted by Melbourne IT had not been locked down, leaving them vulnerable. He adds that locking domains as a defense is being advertised now that details have started emerging about how the domains for Twitter, the New York Times and the Huffington Post were modified. Many domains for large brands hosted by Melbourne IT were not locked during the attack, he says, but there was no evidence that the SEA attempted to make any changes to them. They were nonetheless vulnerable at the time of the hack, he says, meaning that things could have been worse.

By Wednesday morning, the owners of over 40 domains had taken action and installed registry locks, according to Moore. He provided CyberTruth with a list of recently locked domains, which includes: mapquest.com, techcrunch.com, twimg.com, cisco.com, joystiq.com, dailyfinance.com, cosmopolitan.com, aol.co.uk, earthlink.net, brainyquote.com, discover.com, tweetdeck.com, acrobat.com, directv.com, mediatakeout.com, patch.com, mcafee.com, starbucks.com, mapquest.com, vine.com, mail.com, a8.net, lycos.com, aa.com, lufthansa.com, adobe.com, euronews.com, adultadworld.com, lego.com, angelfire.com, jetstar.com, antena3.com, jalan.net, anz.com, istockphoto.com, aol.com, inmotionhosting.com, autoblog.com, ikea.com, bancomer.com.mx, icq.com, barnesandnoble.com, ibm.com, bbandt.com, hyatt.com, bigresource.com, discovercard.com, billdesk.com, huffingtonpost.com, canon.com, huffingtonpost.co.uk, cdiscount.com, huffingtonpost.ca, chron.com, hsn.com, cibc.com, howstuffworks.com, crunchbase.com, hm.com, discovery.com, engadget.com, hinet.net, funshion.com, hightail.com, givemesport.com, gettyimages.com.

Others include: royalmail.com, prenewswire.com, vine.com, standardchartered.com, sonymobile.com, toshiba.com, vmware.com, whois.net, watchtower.com, tripod.com, twing.com, moneysavingexpert.com and many others. Moore says that it is not clear how many domains were still not locked, but among the ones he checked there were still 82 big-name domains that did not have a registry lock in place, even 16 hours after the attack by the Syrian Electronic Army. He adds, however, that he thinks more domains will change to locked status, but says that this was not normal in the industry.
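
A check of the kind described above can be run by domain owners against their own portfolio. The following is an added example, not code from the article or from Moore: it reads WHOIS replies and reports which domains lack registry-set status codes. It assumes a registry lock shows up as the three `server*Prohibited` EPP status codes (RFC 5731); the `.example` domains and WHOIS replies are constructed.

```python
import re

# EPP status codes (RFC 5731): server* values are set by the registry,
# client* values by the registrar.
REGISTRY_LOCK = {"serverupdateprohibited", "servertransferprohibited",
                 "serverdeleteprohibited"}
REGISTRAR_LOCK = {"clientupdateprohibited", "clienttransferprohibited",
                  "clientdeleteprohibited"}
# Matches both "Domain Status: x https://icann.org/epp#x" and "Status: x".
STATUS_RE = re.compile(r"^\s*(?:Domain )?Status:\s*([A-Za-z]+)", re.I | re.M)

def statuses(whois_text):
    """Return the set of lower-cased status codes found in a WHOIS reply."""
    return {code.lower() for code in STATUS_RE.findall(whois_text)}

def lock_state(whois_text):
    """Classify a reply by who, if anyone, has locked the domain."""
    found = statuses(whois_text)
    if REGISTRY_LOCK <= found:
        return "registry-lock"
    if found & REGISTRY_LOCK:
        return "partial-registry-lock"
    if found & REGISTRAR_LOCK:
        return "registrar-lock-only"
    return "unlocked"

def audit(records):
    """Map each domain without a full registry lock to its missing codes."""
    report = {}
    for domain, text in records.items():
        missing = REGISTRY_LOCK - statuses(text)
        if missing:
            report[domain] = sorted(missing)
    return report

# Constructed WHOIS replies (not real lookups).
SAMPLES = {
    "locked.example": (
        "Domain Name: LOCKED.EXAMPLE\n"
        "   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\n"
        "   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\n"
        "   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\n"
        "   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\n"),
    "registrar-only.example": "Status: clientTransferProhibited\nStatus: clientUpdateProhibited\n",
    "open.example": "Domain Name: OPEN.EXAMPLE\nDomain Status: ok\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:26} {lock_state(text)}")
    print(audit(SAMPLES))
```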