Pro-Assad Syrian group was the one who claimed responsibility for hacking Melbourne IT systems with a valid password. Australian Internet hosting firm Melbourne IT suffered a major hacker attack which affected the New York Times website and Twitter.

The Syrian Electronic Army is known for supporting the Assad regime in Syria and it was the one who claimed responsibility for the DDoS attack on the New York Times website, which resulted in downtime of a few hours. The group also claimed that it hacked Twitter’s domain. The affected websites both use Melbourne IT as a domain name registrar.

Theo Hnarakis, the CEO of Melbourne IT, admitted that the perpetrators gained access to the company’s systems using a valid user name and password. It seems like one of the company’s resellers in the United States was targeted and the outfit is now investigating how it could have happened. Melbourne IT is working with a variety of parties in order to trace the Internet service provider in charge and find out who was responsible for the failure. The company had to admit the vulnerability exists and agree it needs to make sure the failure won’t happen again. However, Melbourne IT can’t even confirm at which stage the systems had been hacked.

The company announced that the New York Times and Twitter were both back online and operating as usual, after changing and locking system passwords. Aside from the online giants, four other lesser known services were affected as well. The company holds registrations for major sites in the country.

In the meantime, Twitter confirmed that it regained control of its domain, stating that the viewing of pictures was “sporadically impacted”. As for the New York Times, they said the incident was caused by a “malicious external attack” and recommended its employees to be careful when sending emails. The NYT believes that a domain registrar should be very serious about security, as it is holding the security to thousands of websites. If someone obtains access to the domain registrar, the site visitors can be easily redirected away from a website, while their emails can be read.

A couple weeks before this incident, the Syrian Electronic Army was reported to hack the Washington Post’s website, with the site operators admitting that the service had fallen victim to a sophisticated phishing attack to gain password data.