How Twitter avoided the New York Times cyber attack

If the Grey Lady had paid a mere $50 a year for a registry lock, their website would never have been infiltrated

Topics: Bloomberg, Twitter, New York Times, Google, Cyber Attacks, hackers, , ,

How Twitter avoided the New York Times cyber attack

Aug. 29 (Bloomberg) — Chalk one up for Twitter Inc.

While the New York Times and Google Inc. had visitors to their sites redirected this week by hackers, the microblogging service was better able to deflect attacks because of a simple tool called a registry lock. Like alerts sent to credit-card users when something bad happens, the feature notifies website managers of attempts by intruders to tamper with critical information, such as Web-address data.

The cost? As little as $50 a year.

Large banks, e-commerce companies, gambling sites and pornographers have used registry locks from VeriSign Inc. and NeuStar Inc. to prevent unauthorized changes. Attacks by the Syrian Electronic Army routed New York Times readers to a site that displayed the group’s initials and altered some registration data. They underscore how vulnerable many companies are to relatively unsophisticated attacks, which can take down sites and harm their businesses.

“This is certainly an ah-ha moment,” said Rodney Joffe, a senior technologist at NeuStar. The Sterling, Virginia-based company began offering registry locks in 2010 and requires that website domain information be accompanied by two layers of verification, such as additional codes from security tokens.

“It is a niche business but there’s no reason for it to be,” he said. “It’s the kind of thing you have to do today.”

While Twitter’s site operated normally, twitter.co.uk was inaccessible for some users. The Syrian Electronic Army, which backs the country’s president, Bashar al-Assad, claimed responsibility for the New York Times and Twitter intrusions, as well as the Washington Post this month and the Financial Times in early May. Unknown hackers altered Google’s website in the Palestinian territories, displaying a map without Israel.

Raising Bar

The attacks exploited weaknesses in a registration network called the Domain Name System, exposing risks that site operators face because they’re relying on third parties to handle their online addresses. Weaknesses in DNS, which was created in the 1980s to help computers find websites using names instead of numbers, haven’t been seen as a significant threat outside of the financial-services and retail sectors up to now, according to John Pescatore, director of emerging-security trends at the SANS Institute in Stamford, Connecticut.

“There are still a lot of sloppy practices,” Pescatore said. “There’s a lot of room to raise the bar.”



Because Twitter, based in San Francisco, monitors its DNS information in real time and had implemented a registry lock, it was better prepared than the New York Times, according to HD Moore, chief research officer at Rapid7, a Boston-based security firm. Since the attacks, many other companies have moved to institute similar safeguards, he said.

DNS Flaw

Twitter has had its DNS records hacked before. The company acknowledged in 2009 that its DNS records were compromised by hackers who defaced the site with a message about Iran. Jim Prosser, a spokesman for Twitter, declined to comment on the company’s security measures.

A vast system that underpins how computers locate each other, DNS is often called the phone book of the Internet. In 2008, Dan Kaminsky, a security researcher, uncovered a flaw in the system that would let hackers easily impersonate legitimate sites. He worked with technology companies to fix it. The finding prompted several companies that process financial transactions online to adopt additional security measures to ensure their domain information is secure, while others stayed on the sidelines, according to SANS’s Pescatore.

Security Steps

NeuStar and VeriSign, another provider of registry lock services, declined to identify the companies using its registry lock services. Danny McPherson, chief security officer of VeriSign, said in a statement that the technology gives customers more control over who can change information.

Eileen Murphy, a spokeswoman for the New York Times Co., said the newspaper is looking at additional measures.

“In light of this attack and the apparent vulnerability even at what had been highly secure registrars, we are tightening all of our security,” she said.

Jay Nancarrow a spokesman for Google, declined to comment on the company’s security. The company’s Palestine site itself wasn’t hacked and Google is talking with the domain manager to resolve the issue, he said.

One complication of hosting sites with addresses of specific countries or regions is that many of the registration providers don’t use registry locks and other protective steps, said Paco Hope, a principal consultant with Cigital Inc.

“When you’re a company like the New York Times or Twitter or Google, your stock in trade is the Internet, it’s the service you offer, and that’s why it makes sense to put in a lot more security,” Hope said.

The rise in sophisticated hacking attacks is helping fuel a market for computer-security technology that is expected to exceed $65.7 billion this year, according to Gartner Inc.

Many companies that didn’t prioritize a threat involving their DNS records are now rethinking that approach, SANS’s Pescatore said.

“It’s one of several Achilles’ heels of using the Internet,” he said.

 

–With assistance from Michael Riley in Washington and Douglas MacMillan in San Francisco. Editors: Reed Stevenson, Stephen West

To contact the reporter on this story: Jordan Robertson in San Francisco at jrobertson40@bloomberg.net

To contact the editor responsible for this story: Tom Giles at tgiles5@bloomberg.net

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 22
  • Close
  • Fullscreen
  • Thumbnails

    Once upon a time on the Bowery

    Talking Heads, 1977
    This was their first weekend as a foursome at CBGB’s, after adding Jerry Harrison, before they started recording the LP “Talking Heads: 77.”

    Once upon a time on the Bowery

    Patti Smith, Bowery 1976
    Patti lit up by the Bowery streetlights. I tapped her on the shoulder, asked if I could do a picture, took two shots and everyone went back to what they were doing. 1/4 second at f/5.6 no tripod.

    Once upon a time on the Bowery

    Blondie, 1977
    This was taken at the Punk Magazine Benefit show. According to Chris Stein (seated, on slide guitar), they were playing “Little Red Rooster.”

    Once upon a time on the Bowery

    No Wave Punks, Bowery Summer 1978
    They were sitting just like this when I walked out of CBGB's. Me: “Don’t move” They didn’t. L to R: Harold Paris, Kristian Hoffman, Diego Cortez, Anya Phillips, Lydia Lunch, James Chance, Jim Sclavunos, Bradley Field, Liz Seidman.

    Once upon a time on the Bowery

    Richard Hell + Bob Quine, 1978
    Richard Hell and the Voidoids, playing CBGB's in 1978, with Richard’s peerless guitar player Robert Quine. Sorely missed, Quine died in 2004.

    Once upon a time on the Bowery

    Bathroom, 1977
    This photograph of mine was used to create the “replica” CBGB's bathroom in the Punk Couture show last summer at the Metropolitan Museum of Art. So I got into the Met with a bathroom photo.

    Once upon a time on the Bowery

    Stiv Bators + Divine, 1978
    Stiv Bators, Divine and the Dead Boys at the Blitz Benefit show for injured Dead Boys drummer Johnny Blitz.

    Once upon a time on the Bowery

    Ramones, 1977
    “The kids are all hopped up and ready to go…” View from the unique "side stage" at CBGB's that you had to walk past to get to the basement bathrooms.

    Once upon a time on the Bowery

    Klaus Nomi, Christopher Parker, Jim Jarmusch – Bowery 1978
    Jarmusch was still in film school, Parker was starring in Jim’s first film "Permanent Vacation" and Klaus just appeared out of nowhere.

    Once upon a time on the Bowery

    Hilly Kristal, Bowery 1977
    When I used to show people this picture of owner Hilly Kristal, they would ask me “Why did you photograph that guy? He’s not a punk!” Now they know why. None of these pictures would have existed without Hilly Kristal.

    Once upon a time on the Bowery

    Dictators, Bowery 1976
    Handsome Dick Manitoba of the Dictators with his girlfriend Jody. I took this shot as a thank you for him returning the wallet I’d lost the night before at CBGB's. He doesn’t like that I tell people he returned it with everything in it.

    Once upon a time on the Bowery

    Alex Chilton, Bowery 1977
    We were on the median strip on the Bowery shooting what became a 45 single sleeve for Alex’s “Bangkok.” A drop of rain landed on the camera lens by accident. Definitely a lucky night!

    Once upon a time on the Bowery

    Bowery view, 1977
    The view from across the Bowery in the summer of 1977.

    Once upon a time on the Bowery

    Ramones, 1977 – never before printed
    I loved shooting The Ramones. They would play two sets a night, four nights a week at CBGB's, and I’d be there for all of them. This shot is notable for Johnny playing a Strat, rather than his usual Mosrite. Maybe he’d just broken a string. Love that hair.

    Once upon a time on the Bowery

    Richard Hell, Bowery 1977 – never before printed
    Richard exiting CBGB's with his guitar at 4am, about to step into a Bowery rainstorm. I’ve always printed the shots of him in the rain, but this one is a real standout to me now.

    Once upon a time on the Bowery

    Patti Smith + Ronnie Spector, 1979
    May 24th – Bob Dylan Birthday show – Patti “invited” everyone at that night’s Palladium show on 14th Street down to CBGB's to celebrate Bob Dylan’s birthday. Here, Patti and Ronnie are doing “Be My Baby.”

    Once upon a time on the Bowery

    Legs McNeil, 1977
    Legs, ready for his close-up, near the front door of CBGB's.

    Once upon a time on the Bowery

    Suicide, 1977
    Rev and Alan Vega – I thought Alan was going to hit me with that chain. This was the Punk Magazine Benefit show.

    Once upon a time on the Bowery

    Ian Hunter and Fans, outside bathroom
    I always think of “All the Young Dudes” when I look at this shot. These fans had caught Ian Hunter in the CBGB's basement outside the bathrooms, and I just stepped in to record the moment.

    Once upon a time on the Bowery

    Tommy Ramone, 1977
    Only at CBGB's could I have gotten this shot of Tommy Ramone seen through Johnny Ramones legs.

    Once upon a time on the Bowery

    Bowery 4am, 1977
    End of the night garbage run. Time to go home.

  • Recent Slide Shows

Comments

Loading Comments...