Reseller Blamed For NY Times DNS Hack Gives Industry Black Eye, Say Channel Execs


A politically motivated hacktivist attack that disrupted the websites of the New York Times, Twitter and other online services on Tuesday is being blamed on a security lapse at a domain reseller, and channel executives tell CRN that such high-profile incidents could potentially damage their reputations in the short term.

Melbourne IT, the domain registrar responsible for the authoritative DNS server information needed to resolve the websites, blamed a domain reseller for the successful attack. The firm said a phishing attack helped the Syrian Electronic Army (SEA) obtain login credentials and change the DNS records. The hacktivist group then redirected traffic from those sites to a rogue domain.

Usernames and passwords are increasingly becoming a target of attacks, and poor and mismanaged processes can open an opportunity for cybercriminals, said Rob Delevan, national account manager at Salt Lake City, Utah-based Wasatch I.T. Human error or carelessness is common in every industry, Delevan said.


"As good as your safeguards are, it's almost always going to come back to relying on humans," Delevan told CRN. "This could be a black eye for some specific verticals, but the impact won't last long."

The SEA, a hacking group that supports Syrian President Bashar al-Assad, has been active over the last year, hijacking a variety of media Twitter accounts and temporarily taking down high-profile websites. The attack on Tuesday began shortly after 4 p.m. EST. Network engineers from OpenDNS and Google believe the NYTimes.com website was redirected to an internet space full of phishing sites and sites hosting malware, said Matthew Prince, CEO of cloud hosting provider CloudFlare, who was involved in the investigation and detailed the account in a blog entry following the attack.

Securing account credentials to company DNS records should be an imperative, say security experts. Similar attacks have taken place in the past. In 2009, security experts advocated tougher authentication processes with DNS registrars following an incident in which Twitter's domain, maintained at the time by Dynamic Network Services, was hijacked by a group called the Iranian Cyber Army. The hacktivists used a stolen password to log in and change Twitter's DNS settings. Microsoft's domains have also come under fire in the past. And several hackers hijacked Comcast.net in 2008 by contacting Network Solutions, the company's domain registrar, and using credentials from a hacked Comcast email account.

Domain resellers tend to be smaller businesses that sell a variety of website services, but ultimately the registrar is responsible for maintaining security and continuity, said Jason Tierney, founder and CEO of BeyondIT Consulting. Tierney said solution providers that mismanage their client relationships are eventually identified and ultimately go out of business, because all a business really has is its reputation.

"As a managed service provider, the revenue is going to come when I do my job right," Tierney said. "My role isn't necessarily to pull in as much revenue as possible, because over time trust is going to be developed, my relationship will grow and I'll get more business from my client."

"Anybody who has been burned by a reseller before is going to be careful of who they are choosing to work with. That is why reputation is of utmost importance," said Eric Peters, a sales executive at Seattle-based solution provider Trebron Company. "You have to work hard to be an advocate, work at providing support and not focus on making an immediate sale all the time."

PUBLISHED AUG. 28, 2013