Hackers limited targets, say experts

Jaeson Schultz, a Cisco Systems researcher, said that in the authoritative records known as WHOIS the Syrian Electronic Army listed itself as the contact for all of Twitter.com, which would have given it the power to take the site offline or place its own content there.

"It seems that their message is redirecting people back to their own website for news about the SEA or about Syria," Schultz said. "They don't seem to be interested in infecting end users, which is a good thing."

Hackers who successfully break into MelbourneIT's systems could potentially redirect and intercept emails sent to addresses under certain domains, researchers said. And users of sites that don't begin with "https" could have been fooled into entering passwords that could have been captured, said Jaime Balsco, a researcher with security firm AlienVault.

Because MelbourneIT serves as the registrar for some of the best known domain names on the Internet, including Microsoft.com and Yahoo.com, Tuesday's breach could have had potentially catastrophic consequences.

"This could've been one of the biggest attacks we've ever seen, if they were more subtle and more efficient about it," said HD Moore, the chief research officer at Rapid7, a cyber security firm. "They changed just a few sites, but if they had actually gone all out, they could've had most of the Internet watching them run the show."

Media companies, which were largely ignored by hackers until 2011, have been targeted since then by pranksters and suspected Chinese agents, as well as partisans in the Middle East.

"As long as media organizations play a critical role as influencers and critics, they will continue to be targets of cyber attacks," said Michael Fey, chief technology officer at Intel Corp's McAfee security division.