By Barry Shteiman
The attack against the New York Times (NYT) was a Domain Name System (DNS) breach. Hackers infiltrated the DNS broker that holds the translation records for nytimes.com, sending users to the Syrian Electronic Army’s own website. The attack could have been prevented by securing the DNS server.
This is, unfortunately, validation of a long-standing security problem inherent in the way that companies rely on third-party public services to conduct their business. While a company like NYT may be able to secure their own platforms, harden their systems and regularly check for vulnerable components on premise, it is much harder to do so when some of that infrastructure is provided by a third party, like an Internet Service Provider or a DNS host. At some point, Chief Information Officers need to realise that critical pieces of their online entities are controlled by vendors, and security policies should apply to them as well.
It makes a lot of sense for a hacktivist group that wishes to display their message and show that they exist to go after high-end media. The Syrian Electronic Army have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness. This is, in essence, what hacktivism is. There is no profit involved. Making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army is very successful in creating the awareness that they are after.
Companies should create contingency plans and check the security measures taken by their third-party content and infrastructure providers. DNS is, unfortunately, a great example. Another point to make is that this is not the only DNS hijack that we have seen in the last few months, specifically targeting media sites and social networks. A collaborative or case-study-based approach should have alerted NYT to check what their infrastructure providers are doing to protect their clients.
About the author
Barry Shteiman is Imperva’s Senior Security Strategist, where he works directly with the CTO Office and Imperva’s dedicated security research organization, the Application Defense Center. Barry has also authored several application security tools and contributed code to a number of open source security projects. Barry is a dedicated contributor to Imperva’s security blog as well as an active tweeter. He encourages you to follow him on Twitter @bshteiman and ask him any security question you want.
For nearly a decade, Imperva, a pioneer in data security, has brought a complete security lifecycle to provide visibility and control for databases including the people and applications that access them. The world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality.