New York Times hacked, Syrian Electronic Army takes credit

A political hacktivist group that has the backing of the Syrian president apparently hit The New York Times, along with Twitter and The Huffington Post UK edition.

The Syrian Electronic Army, which claimed to have hacked The New York Times website, was also responsible for hacking the BBC Weather Twitter feed this March.

Visitors to The New York Times website were greeted with blank browser screens for several hours on Tuesday, thanks to an attack claimed by the Syrian Electronic Army.

While the integrity of the Times’s website was not itself affected, those attempting to access that site through other servers around the world were redirected to Web addresses controlled by the SEA, several cybersecurity analysts told the Monitor.

At about the same time, Twitter and The Huffington Post UK edition were also the subject of cyberattacks apparently orchestrated by the SEA, according to Twitter accounts used by the SEA. Those attacks were confirmed separately by cybersecurity analysts contacted by the Monitor, who checked the SEA’s claims against Web addresses and Internet registrar sites.

Unlike the situation for the Times website, however, there were no immediately reported access problems for Twitter or Huffington Post users.

Analysts describe what happened to the Times as a DNS-type (or domain name system) attack. In such an attack, the website’s digital address is stolen from its rightful owner and then attached to a rogue site – in this case, the SEA home page, the analysts say.

“What The New York Times is trying to do is get their property back,” says John Bumgarner, a research director for the US Cyber Consequences Unit, a cybersecurity think tank. “Their website address was essentially stolen, hijacked away from them – and now The New York Times is scrambling to get full ownership back.”

It was the second time this month the Times site has gone down for an extended period, with the first time being attributed to internal technical server issues. Moreover, a hacker group also calling itself the Syrian Electronic Army claimed responsibility for a cyberattack that affected The Washington Post’s and CNN’s websites on Aug. 15.

The SEA is a political hacktivist group that has the backing of Syrian President Bashar al-Assad.

The New York Times confirmed that its site was unavailable to readers on Tuesday afternoon following a hacking attack on the company’s domain name registrar, Melbourne IT. Times employees were required not to send any sensitive e-mails.

“Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. warning employees that the disruption – which appeared to still be affecting the Web site more than two hours later – was the result of an external attack by ‘the Syrian Electronic Army or someone trying very hard to be them,’ ” the Times reported. “He advised employees to ‘be careful when sending e-mail communications until this situation is resolved.’ ”

Most would-be viewers to the Times website, however, did not end up at the SEA website. Access to that site was apparently cut off by browser companies trying to assist the Times, some analysts suggested.

The way DNS works is that whenever a computer contacts a domain name like nytimes.com, it first has to contact its DNS server. The DNS server responds with one or more IP addresses where that computer can reach nytimes.com. Then the computer can connect to the Times website through that numerical IP address.

Put another way, DNS changes people-readable addresses like nytimes.com into computer-readable IP addresses like “170.149.168.130.”

Just on Monday, visitors to Google’s Web page in the Palestinian territories – Google.ps – would have been redirected. Even though Google’s own service was not hacked, the DNS for the website was hijacked – by political hacktivists apparently protesting the labeling of some territory as Israeli on Google Maps. The attack was similar to the DNS hijacking of the Times website address, cybersecurity experts say.

“While the [Google] attack wasn't major, nor did it affect Google's own services, I think it highlights a serious issue in Internet infrastructure,” says Rodrigo Bijou, an independent cybersecurity consultant. “Major brands across all sectors need to secure domain names in foreign countries, and often the security of DNS registries is quite poor.... This was a basic protest attack by hacktivists, but more malicious actors could do the same with more serious consequences.”

Some analysts suggested that the attack on the Times might be a particularly dangerous variety called “DNS cache poisoning” or “DNS spoofing.” This exploits vulnerabilities in the DNS to redirect Internet traffic away from legitimate servers and toward fake sites.

One reason DNS poisoning is hazardous, Mr. Bijou and others say, is because it can spread from one DNS server to another around the world. One such DNS poisoning in 2010 resulted in the “Great Firewall of China” temporarily widening far beyond China’s borders.

However, other experts said that while there were signs of a DNS hijacking on Tuesday, the dangerous cache poisoning was not occurring. Also, there was no evidence of a suspected secondary distributed denial of service attack on the Times, according to experts at Arbor Networks in Burlington, Mass. A DDoS attack bombards a site with data to overwhelm servers and block user access.

“There has been no evidence of a DDoS attack being involved with the ongoing attacks against the New York Times,” said Dan Holden, Arbor Networks director of security research, in a statement. “There has also been no evidence of cache-poisoning being involved in this attack. This appears to be the latest in an ongoing series of registrar compromises.”

Wherever possible, he noted, organizations should ensure that their service providers adequately protect their DNS infrastructure from attack.

“We continue to see DNS infrastructure leveraged as a weak link and jumping off point for attacks,” he said.
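The difference the analysts draw between a registrar-level hijacking and cache poisoning can be checked from a defender's side by comparing the parent-zone delegation and individual resolver answers against a known-good baseline. The sketch below is an added example, not part of the original article; the domain names, addresses, resolver labels and the classification rule itself are constructed assumptions.

```python
"""Classify a DNS redirection from the parent-zone delegation and resolver answers."""

# Constructed baseline for a hypothetical site (documentation-range addresses).
BASELINE = {
    "ns": {"ns1.news.example", "ns2.news.example"},
    "a": {"192.0.2.10", "192.0.2.11"},
}

def _norm(names):
    # DNS names are case-insensitive; drop the trailing root dot before comparing.
    return {n.lower().rstrip(".") for n in names}

def classify(baseline, delegation_ns, resolver_answers):
    """delegation_ns: NS names the parent (TLD) zone currently hands out.
    resolver_answers: {resolver label: set of A records that resolver returned}."""
    expected_ns, seen_ns = _norm(baseline["ns"]), _norm(delegation_ns)
    off = sorted(r for r, addrs in resolver_answers.items()
                 if not set(addrs) <= baseline["a"])
    if seen_ns != expected_ns:
        # The registry itself points elsewhere: consistent with a registrar-level
        # change. Resolvers still holding the old NS set in cache answer
        # correctly until the TTL expires, so mixed answers are expected here.
        verdict = "delegation-changed"
    elif off:
        # Delegation intact but some resolvers disagree: the problem sits in
        # those resolvers (for example a poisoned cache) or the baseline is stale.
        verdict = "resolver-divergence"
    else:
        verdict = "ok"
    return {"verdict": verdict,
            "unexpected_ns": sorted(seen_ns - expected_ns),
            "resolvers_off_baseline": off}

# Constructed observations, not captured data.
HIJACK = classify(BASELINE, {"ns1.rogue.example.", "ns2.rogue.example."},
                  {"resolver-a": {"203.0.113.66"}, "resolver-b": {"192.0.2.10"}})
POISON = classify(BASELINE, {"NS1.news.example.", "ns2.news.example"},
                  {"resolver-a": {"198.51.100.7"}, "resolver-b": {"192.0.2.11"}})

if __name__ == "__main__":
    for name, result in (("hijack", HIJACK), ("poison", POISON)):
        print(name, result)
```

In the first scenario one resolver still returns the legitimate address, yet the verdict is driven by the changed delegation, which matches the article's account of visitors on some servers being redirected while the site itself was untouched.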
