The web site for the New York Times was taken offline today by the Syrian Electronic Army, using credentials from a reseller for Melbourne IT. One tactic that might have helped prevent that? A registrar lock.
Melbourne IT’s official statement on the attack explains its basic mechanics:
“The credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melbourne IT’s systems. The DNS records of several domain names on that reseller account were changed – including nytimes.com. Once Melbourne IT was notified, we changed the affected DNS records back to their previous value, locked the affected records from any further changes at the .com domain name registry, and changed the reseller credentials so no further changes can be made.”
The importance of locking the records was emphasised further on in the statement:
“For mission critical names we recommend that domain name owners take advantage of additional registry lock features available from domain name registries including .com – some of the domain names targeted on the reseller account had these lock features active and were thus not affected.”
As Wikipedia’s registrar lock page explains, with a registrar lock in place modifications to records can’t easily be made, which makes taking over a domain more difficult. That can make managing your domain more complex, but it provides extra security.
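One way to check which locks a domain actually carries, as an added example that is not from the original article or from Melbourne IT: it reads the status list of an RDAP domain record and separates registrar-set `client*` statuses from registry-set `server*` ones. The sample records are constructed, and the status names are the standard EPP ones, which the article does not list.

```python
# Added example: audit registrar vs. registry lock statuses in RDAP records.
ACTIONS = ("update", "transfer", "delete")

def _norm(status):
    # RDAP writes "client update prohibited"; WHOIS writes
    # "clientUpdateProhibited <url>". Drop the URL, spaces and case.
    words = [w for w in status.split() if not w.startswith("http")]
    return "".join(words).lower()

def lock_report(rdap):
    """Return which update/transfer/delete locks an RDAP domain object holds."""
    present = {_norm(s) for s in rdap.get("status", [])}
    report = {"domain": rdap.get("ldhName", "").lower()}
    for level, prefix in (("registrar", "client"), ("registry", "server")):
        # client* is set by the registrar, server* by the registry (EPP, RFC 5731)
        report[level] = [a for a in ACTIONS if f"{prefix}{a}prohibited" in present]
    # client* statuses can be cleared from the registrar side; server* ones
    # can only be cleared by the registry, so flag whether that layer exists.
    report["registry_update_locked"] = "update" in report["registry"]
    return report

# Constructed sample records (not real lookups).
SAMPLES = [
    {"ldhName": "EXAMPLE.COM",
     "status": ["client transfer prohibited", "client update prohibited"]},
    {"ldhName": "example.net",
     "status": ["clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
                "server delete prohibited", "server transfer prohibited",
                "server update prohibited"]},
    {"ldhName": "example.org", "status": ["active"]},
]

if __name__ == "__main__":
    for record in SAMPLES:
        r = lock_report(record)
        flag = "OK" if r["registry_update_locked"] else "REVIEW"
        print(f'{flag:6} {r["domain"]:12} registrar={r["registrar"]} registry={r["registry"]}')
```

To audit live domains, pass in the JSON object returned by an RDAP lookup for each name in place of the constructed samples.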