August 28, 2013
Syrian Electronic Army Brings Down New York Times
Michael Harper for redOrbit.com - Your Universe Online
The Syrian Electronic Army (SEA) is taking credit for an attack against the websites of Huffington Post, Twitter and the New York Times. The group of activist hackers supports Syrian President Bashar al-Assad and has taken to attacking western news media outlets that do not show the same support.
The SEA says it took control of these three websites with a DNS attack, but only the New York Times reported experiencing prolonged downtime as a result of the infiltration. The website was unavailable to viewers Tuesday afternoon and attacks carried on into the evening. Service has since been restored at the site. The Times now joins the ranks of The Associated Press, The Financial Times, The Guardian and CNN - all news sources which have been targeted by the SEA.
In a statement, Marc Frons, chief information officer for The New York Times Company said the site had been taken down as “the result of a malicious external attack.” The newspaper company told their employees to take extra care when sending out sensitive emails from their work accounts and worked quickly to set up alternative websites. A Twitter account for the hacking collective claimed they were responsible for bringing down the website, saying “Media is going down.”
The SEA used a DNS attack to target the Times, Twitter and the UK arm of the Huffington Post, essentially taking control of the websites. According to the Times, SEA hackers targeted their domain name registrar, an Australian company called Melbourne IT. In a statement, the registrar acknowledged that a third party accessed a reseller account with a stolen ID and password and began changing some of the domain names.
"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," reads the statement.
Melbourne IT has also said that they will revisit their security measures following this attack. The UK’s Huffington Post also acknowledged they had been targeted in the attack, but said they only experienced a “minimal disruption of service.”
Twitter also confirmed some of their domain names were changed yesterday, but Twitter.com remained up and active throughout the attack. In a Tweet from the SEA, the hackers wrote "Hi @Twitter, look at your domain, its owned by #SEA : ).” The Tweet was accompanied by a screenshot of the domain name registration database whois.domaintools.com showing they had taken control of the site.
“At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter's domains used for image serving, twimg.com,” said Twitter in an official statement Tuesday evening.
“Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident."
Similar attacks made headlines earlier this year as several other websites and Twitter accounts for news sources fell under the hand of the SEA. Mr. Frons with the New York Times says this week's attack was much more significant, however, as the activist hackers actually took control of their domain.
“A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites,” said Frons.