News that the New York Times was hacked by the Syrian Electronic Army is interesting not because the NYT was hacked by the group, but because of the method used to gain access.
According to this article, information security at the NYT fell over because they forgot that cyber-security doesn’t stop at the perimeter. It would seem that MelbourneIT, an Australian hosting company for both Twitter and NYT, was breached. This then allowed the Syrian Electronic Army to gain access to the DNS records of domains owned by Twitter and NYT, which they then proceeded to change.
A number of quick conclusions:
- This was a well-planned attack that almost certainly took some time to conceive, research and operationalise.
- You should assume your organisation will be hacked. Work out how to detect the breach and recover quickly.
- Cyber-security is an evolutionary struggle between those who wish to break systems and those who wish to stop systems being broken. Quite often it's the same people, e.g. the NSA.
- 80-90% of the differences between good cyber-security and great cyber-security are not in the IT; they are in the organisational approach and culture.
- In this hack, a variety of methods seem to have been used, including phishing and attacking the DNS servers via privilege escalation.
- Cyber-security requires expertise in managing information, risk and developing resilient organisational frameworks, something often forgotten.
- Everybody is your neighbour on the Internet, the good guys and the bad.
- Cyber-security practitioners need to consider the risks to high-value systems that they are protecting from connected suppliers and customers.
- This requires cyber-security practitioners who are good people influencers, because the vulnerabilities tend to be at human interfaces.