“Syrian Electronic Army’s Alleged Attack Hit Soft Spot,” Wall Street Journal, August 29, 2013 B3. http://on.wsj.com/1dTSRZ9 Attack on Australian domain registrar leads to denial of service at New York Times, Twitter, Huffington Post and other sites. Syrian Electronic Army claims responsibility.
There was an optional feature that would have prevented this, but NYT and Twitter didn’t use it. Now they do.
Focus on IT security is often at the server level. Prevent physical access by outsiders, and limit system access to approved people. Snowden was a failure in limiting system access and downloading. But what was the process in place for deciding whether to activate the registry-change lock ? Did people quantify the risks? Who was involved in the decision?
Where else do third parties control potential links? Are you using the cloud?