In response to news of the New York Time hack, Barry Shteiman, Senior Security Strategist at Imperva provided the following comments: Based on available resources, the New York Times hack is in fact a DNS service breach. If you go directly to NYT via their IP Address, the site is up and running. This is unfortunately a validation to a prolonged security problem inherited in the way that companies rely on 3rd party public services to conduct their business. While a company like NYT may be able to secure their own platforms, harden their systems and regularly check for vulnerable components on premises – it is a much harder practice when some of that infrastructure is provided by a third party like an ISP or a DNS Hoster.
At some point, CIO’s need to realize that critical pieces of their online entities are controlled by vendors, and that security policies should apply to them as well.
Companies should create contingency plans, and check the security measurements taken by their 3rd party content and infrastructure providers. A DNS is unfortunately, a great example.
It makes lots of sense for a Hacktivist group that wishes to display their message and show that they exist – to go after high end media. The Syrian Electronic Army have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness. This is in an essence, what Hacktivism is. There is no profit involved however making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army is very successful in creating the awareness that they are after.