Locking your website


If the recent exploits of the Syrian Electronic Army (SEA) have taught web domain owners anything, it is to use a registry lock.

The band of hacktivists – who support Syrian President Bashar al-Assad – have been gaining notoriety for hacking and defacing major media websites and social media accounts. In fact, in August the group made it to the FBI's wanted list. 

The collective has become well known in cyber circles for accessing portals by obtaining valid credentials through the use of spear phishing – a phishing attack variation that targets specific individuals.

During one initially confusing late afternoon in August, the SEA took credit for hijacking and modifying websites belonging to The New York Times, Twitter and the Huffington Post U.K., prompting several experts to hastily reconsider the attack methods used by the hacktivists.

The reconsideration was short-lived, however. Some observers, such as HD Moore, chief research officer at vulnerability management company Rapid7 and chief architect of the Metasploit Framework, quickly saw the common thread tying together the affected websites: Melbourne IT, an Australian domain name registrar. 

Moore also saw the missing thread that allowed the websites to be affected: registry locks, or a lack thereof.

A registry lock is a status code applied to a web domain name that is designed to prevent incidental or unauthorized changes – including modifications, transfers or deletion of domain names and alterations to domain contact details – without first authenticating to the top-level domain operator.

Registry locks are what protected Twitter.com during the attack, but not its image-hosting server, twimg.com, which did not have the added protection – thus explaining why images on Twitter were not displaying properly throughout the incident.
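For domain owners who want to check their own portfolio, the following is an added example, not part of the original article: it reads the status list of RDAP domain records and reports whether registry-level locks are present. It assumes a registry lock appears as the three EPP server* statuses defined in RFC 5731 (an assumption about common practice, not something the article states), and the domain names and records are constructed samples.

```python
import json

# Assumption: a registry lock shows up as the three server* EPP statuses
# (RFC 5731), which only the registry can set or clear. The client* statuses
# are set by the registrar and can be removed with registrar credentials alone.
REGISTRY_LOCK = {"serverdeleteprohibited", "servertransferprohibited",
                 "serverupdateprohibited"}
REGISTRAR_LOCK = {"clientdeleteprohibited", "clienttransferprohibited",
                  "clientupdateprohibited"}

def normalize(status):
    """Fold RDAP ('server update prohibited') and EPP ('serverUpdateProhibited') spellings."""
    return "".join(ch for ch in status.lower() if ch.isalnum())

def audit(rdap_record):
    """Return which registry-level and registrar-level locks a domain is missing."""
    present = {normalize(s) for s in rdap_record.get("status", [])}
    return {
        "domain": rdap_record.get("ldhName", "?"),
        "registry_locked": REGISTRY_LOCK <= present,
        "missing_registry": sorted(REGISTRY_LOCK - present),
        "missing_registrar": sorted(REGISTRAR_LOCK - present),
    }

# Constructed sample RDAP domain objects, trimmed to the two fields used here.
SAMPLE = json.loads("""[
  {"ldhName": "locked.example",
   "status": ["client transfer prohibited", "client update prohibited",
              "client delete prohibited", "server transfer prohibited",
              "server update prohibited", "server delete prohibited"]},
  {"ldhName": "images.example",
   "status": ["client transfer prohibited"]},
  {"ldhName": "epp-style.example",
   "status": ["serverTransferProhibited", "serverUpdateProhibited",
              "serverDeleteProhibited"]}
]""")

if __name__ == "__main__":
    for record in SAMPLE:
        result = audit(record)
        state = "registry lock in place" if result["registry_locked"] else "NO registry lock"
        missing = result["missing_registry"] + result["missing_registrar"]
        print(f'{result["domain"]}: {state}; missing statuses: {missing}')
```

A domain that carries only client* statuses, like the second sample record, is protected only as long as the registrar account itself is not compromised.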

Bruce Tonkin, chief technology officer with Melbourne IT, confirmed the SEA was able to access the compromised websites after an employee at the firm responded to a “surprising” and “authentic looking” spear phishing email.

Following the incident, Tonkin confirmed that dozens of domains registered with his company had put locks in place – including AOL, Starbucks, Cosmopolitan, Toshiba and Barnes & Noble – but added that more need to add the security feature in order for it to become an industry standard.
