The dust is still settling from yesterday's attacks on Twitter
and the New York Times
, but observers have already gained valuable insight into the methods that made the hacks possible. The LA Times
is reporting that the hacks originated with a phishing email sent by the Syrian Electronic Army
to the CTO of MelbourneIT, the DNS registrar for both Twitter and the New York Times
. The emails were convincing enough to trick one of Melbourne's resellers into giving up login credentials, which gave the hackers a crucial opening. From there, they were able to acquire the credentials of one of MelbourneIT's resellers, and go to work redirecting NYTimes.com visitors to the SEA's own IP address.