NY Times and Twitter outages - Details of August 2013 attack
A highly realistic email phishing attack led to compromises in website and DNS settings by hackers as described in links:
QUOTE: The dust is still settling from yesterday's attacks on Twitter and the New York Times, but observers have already gained valuable insight into the methods that made the hacks possible. The LA Times is reporting that the hacks originated with a phishing email sent by the Syrian Electronic Army to the CTO of MelbourneIT, the DNS registrar for both Twitter and the New York Times. The emails were convincing enough to trick one of Melbourne's resellers into giving up login credentials, which gave the hackers a crucial opening. From there, they were able to acquire the credentials of one of MelbourneIT's resellers, and go to work redirecting NYTimes.com visitors to the SEA's own IP address
A Cloudflare post went into more detail on the aftermath of the hack, in which the Times called in outside help from Google, Cloudflare and OpenDNS. The bad records entered by the hackers quickly moved upstream to Verisign, the top-level registrar for nytimes.com, which resulted in major outages and redirections. Strangely, MelbourneIT was unable to fix the registry itself, so the team went to work at every level of the DNS system, from Verisign's top-level registry to the various servers connecting Verisign to MelbourneIT.