The Times’ virtual registration records are seemingly being altered by the Syrian Electronic Army.
The newspaper’s site went down at around four in the afternoon.
@Official_SEA16. In the name of Syria and Bashar al Assad.—
مخابرات عامة (@AshResistance) August 27, 2013
The SEA is also taking credit for altering the whois records of the UK digital edition of the Huffington Post and Twitter.
WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The WHOIS protocol is documented in RFC 3912.
The Times is copping to an “external attack,” according to a spokeswoman. And in its wake, the newspaper company immediately began instructing its employees…
More: NYTimes employees told to stop sending sensitive emails after hackers compromise domain nam registrar - http://t.co/KZg87Bezgw—
Matthew Keys (@MatthewKeysLive) August 27, 2013
The siege comes just as President Obama is considering a limited strike against Syria to “‘deter and degrade’ the ability of President Bashar al-Assad’s regime to launch chemical weapons,” according to the NYT.
As for the disruption itself…
From the Verge:
The method … appears to focus on the Times‘ DNS host, a service which redirects users from the URL, “http://www.nytimes.com,” to the hidden IP address of the Times‘ server. The DNS record below, spotted by White Hat Security’s Matt Johansen, shows the DNS record has been changed to direct users to an IP address associated with the SEA.
The SEA took control of the Financial Times website this May, and previously targeted the Guardian, NPR, and The Washington Post. The Times has also seen numerous cyberattacks, and most recently was brought down on August 14th for a period of several hours, during which time it began publishing reports on Facebook. The SEA generally is also responsible for a spate of Twitter account hackings, which are generally accomplished through phishing attacks.
The timing for the attacks coincides with US declarations that Syria had to be held accountable for chemical attacks. While the SEA frequently makes attacks that aren’t particularly clear in their intention, others have clearly targeted tools that are used throughout the Middle East by rebels.
We will continue to publish the news. Here is our latest report on Syria: nyti.ms/12ICzNQ—
The New York Times (@nytimes) August 27, 2013
In response, however, the Wall Street Journal immediately began
trolling offering its digital services for free.
The move is similar to how the WSJ handled the Times’ website outage earlier this month when the newspaper claimed that its website was felled by a technical issue. That misfortune shuttered the media giant’s online operations for roughly two hours in the middle of August.
The NYT site has gone down, so the @wsj is making its site free. Who are you, clever person in our building?—
Jennifer Valentino (@jenvalentino) August 27, 2013
From the LA Times:
The New York Times website was down Wednesday morning because of “technical difficulties,” the newspaper said.Users trying to access nytimes.com were greeted by an error message.
This isn’t the first time the Times has dealt with hackers. In January, the Times’ reported that Chinese-born attacks that lasted for roughly four months.
From ARS Technica:
The e-mail accounts of several reporters who worked on a story critical of the family of Chinese prime minister Wen Jiabao were infiltrated, and the passwords of every single New York Times employee were stolen. However, there is no evidence that information about sources for the stories on the Wen family was obtained, Times Executive Editor Jill Abramson said.
Recently, after laying low for months, that group of hackers re-emerged, according to the magazine.
The hacking team suspected of infiltrating New York Times computers for four months has resurfaced with new attack tools after months of lying low, security researchers said. The group, commonly known as APT 12, has for years engaged in a series of computer intrusions designed to obtain sensitive information from government agencies, military contractors, journalists, and others. According to a blog post published Monday by research firm FireEye, the gang went silent after the exposure of the four-month hacking campaign, which the NYT said was in response to a story critical of the family of Chinese prime minister Wen Jiabao.
As of about 6:30, the NYT’s website was running over http://18.104.22.168/