The Daily Item, Sunbury, PA


August 30, 2013

How Twitter dodged website attack that took down New York Times

Bloomberg News — While the New York Times and Google had visitors to their sites redirected this week by hackers, the microblogging service Twitter was better able to deflect attacks because of a simple tool called a registry lock. Like alerts sent to credit-card users when something bad happens, the feature notifies website managers of attempts by intruders to tamper with critical information, such as Web-address data.

The cost? As little as $50 a year.

Large banks, e-commerce companies, gambling sites and pornographers have used registry locks from VeriSign and NeuStar to prevent unauthorized changes. Attacks by the Syrian Electronic Army routed New York Times readers to a site that displayed the group's initials and altered some registration data. They underscore how vulnerable many companies are to relatively unsophisticated attacks, which can take down sites and harm their businesses.

"This is certainly an ah-ha moment," said Rodney Joffe, a senior technologist at NeuStar. The Sterling, Va.-based company began offering registry locks in 2010 and requires that website domain information be accompanied by two layers of verification, such as additional codes from security tokens.

"It is a niche business, but there's no reason for it to be," he said. "It's the kind of thing you have to do today."

While Twitter's site operated normally, the New York Times site was inaccessible for some users. The Syrian Electronic Army, which backs the country's president, Bashar al-Assad, claimed responsibility for the New York Times and Twitter intrusions, as well as The Washington Post this month and the Financial Times in early May. Unknown hackers altered Google's website in the Palestinian territories, displaying a map without Israel.

The attacks exploited weaknesses in a registration network called the Domain Name System, exposing risks that site operators face because they're relying on third parties to handle their online addresses. Weaknesses in DNS, which was created in the 1980s to help computers find websites using names instead of numbers, haven't been seen as a significant threat outside of the financial-services and retail sectors up to now, according to John Pescatore, director of emerging-security trends at the SANS Institute in Stamford, Connecticut.
