NuData Security
  • Solutions
    • NuDetect for Continuous Validation
    • NuDetect for Good User Validation
    • NuDetect for Account Takeover
    • NuDetect for Card Testing
    • NuDetect for OAO
    • Smart Interface 3DS 2.0
    • Trusted Device
  • How It Works
    • Layers
      • Device Intelligence
      • Behavioral Analytics
      • Passive Biometrics
      • Trust Consortium
    • Interdictions
    • Integration
    • Connected Intelligence
  • Use Cases
    • Account Takeover
    • Good User Validation
    • Card Testing
    • Automated Attacks
    • New Account Fraud
    • Loyalty Fraud
    • Success Stories
  • Industries
    • Banking & Financial
    • eCommerce
    • Digital Goods
    • Healthcare
  • Resources
    • Articles
    • Blog
    • Brochures & Datasheets
    • Case Studies
    • Infographics
    • Videos
    • Webinars
    • White Papers & Reports
    • COVID Resources
    • FAQ
  • Company
    • Privacy by Design
    • Awards & Accolades
    • Careers
    • Events
    • News
    • Partners
    • Press Releases
  • Contact Us
  • Demo
  • Search
  • Menu
  • Twitter
  • Linkedin
  • Youtube
New York Times Logo

New York Times Taken Down by Account Takeover, Syrian Electronic Army Accused

On Tuesday August 27, The New York Times was taken down in a simple account takeover attack which was more intelligent and planned than it was technically savvy.

In this targeted account takeover attempt, the perpetrators focused their efforts on the DNS records of the New York Times. DNS is the system which allows users to type a friendly version of a web address in words, the Domain Name System converts this to the IP address in order to route the traffic to the website’s hosting server.

The holder of a DNS record is publicly available through a Who Is search.

New York Times DNS Records

New York Times Public DNS Record, available by a Who Is search

Once the attackers knew that the web address, NewYorkTimes.com was hosted by Melbourne IT, they had the target for their attack.

It has been announced by Melbourne IT’s CTO, Bruce Tonkin that a third party distributors account was breached, allowing the attackers to edit the DNS records for New York Times, redirecting the web traffic from that address, to a whole different website.   It is likely that it was only a single user’s account details which were stolen, probably through a targeted phishing attack. This allows the attackers to login just like the real user, undetected.

Increasingly we are seeing highly destructive attacks which cause extraordinary levels of brand damage, emanating from a very simple point of failure: the user and their password.

Bruce Tonkin revealed that they discovered suspicious traffic coming from India in the company’s server logs. What this tells us is that the company have some of the tools to spot fraud in a backwards looking sense but not in real-time. The most security conscious firms are already adopting real-time behaviour analytics such as NuDetect to protect against account takeover fraud.

To find out more about protecting your company and their clients against the growing risk of account takeover, contact us.

Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Google+
  • Share on Pinterest
  • Share on Linkedin
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://nudatasecurity.com/wp-content/uploads/2013/08/the_new_york_times.jpg 439 1716 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2013-08-29 10:54:352018-07-09 13:30:14New York Times Taken Down by Account Takeover, Syrian Electronic Army Accused
17h

Read here: March is #FraudPreventionMonth and the best way to …

2 Mar

Read here: How many unique passwords do your users have? …

2 Mar

Read here: The economic instability, social unrest and operational disruptions …

25 Feb

Read here: How does designing accessible security relate to a …

24 Feb

Read here: Physical limitations, economic barriers, and low digital literacy …

Solutions

  • Solutions
  • NuDetect for Continuous Validation
  • NuDetect for Account Takeover
  • Success Stories

Company

  • Company
  • News
  • Press Releases
  • Events
  • Awards & Accolades
  • Partners
  • Careers

Use Cases

  • Use Cases
  • Account Takeover
  • Good User Validation
  • Automated Attacks
  • New Account Fraud
  • Loyalty Fraud

Industries

  • Industries
  • Banking & Financial
  • eCommerce
  • Digital Goods

Resources

  • Resources
  • Articles
  • Blog
  • Brochures & Datasheets
  • Infographics
  • Videos
  • Webinars

Contact us

Still have questions?

Call: +1 (604) 800-3711
Twitter Linkedin Newsletter Youtube
© Mastercard Technologies Canada ULC 2021 - Terms of Service - Privacy Policy
Scroll to top