NYT’ Website Attacked; Syrian Electronic Army Takes Credit

For the second time in as many weeks, the New York Times’ website is 404 — this time as the result of the efforts of digital criminals.

The Times’ virtual registration records are seemingly being altered by the Syrian Electronic Army.

The newspaper’s site went down at around four in the afternoon.

The SEA is also taking credit for altering the whois records of the UK digital edition of the Huffington Post and Twitter.

From Wikipedia:

WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.[1] The WHOIS protocol is documented in RFC 3912.

The Times is copping to an “external attack,” according to a spokeswoman. And in its wake, the newspaper company immediately began instructing its employees…

The siege comes just as President Obama is considering a limited strike against Syria to “‘deter and degrade’ the ability of President Bashar al-Assad’s regime to launch chemical weapons,” according to the NYT.

(Ironically, the top two stories on the Times’ website during the attack were focused the potential skirmish.) top stories

As for the disruption itself…

From the Verge:

The method … appears to focus on the Times‘ DNS host, a service which redirects users from the URL, “http://www.nytimes.com,” to the hidden IP address of the Times‘ server. The DNS record below, spotted by White Hat Security’s Matt Johansen, shows the DNS record has been changed to direct users to an IP address associated with the SEA.

Nytimesdns

The SEA took control of the Financial Times website this May, and previously targeted the Guardian, NPR, and The Washington Post. The Times has also seen numerous cyberattacks, and most recently was brought down on August 14th for a period of several hours, during which time it began publishing reports on Facebook. The SEA generally is also responsible for a spate of Twitter account hackings, which are generally accomplished through phishing attacks.

The timing for the attacks coincides with US declarations that Syria had to be held accountable for chemical attacks. While the SEA frequently makes attacks that aren’t particularly clear in their intention, others have clearly targeted tools that are used throughout the Middle East by rebels.

During the exploit, the Times continued to publish over both its Twitter account and its mobile site.

In response, however, the Wall Street Journal immediately began trolling offering its digital services for free.

The move is similar to how the WSJ handled the Times’ website outage earlier this month when the newspaper claimed that its website was felled by a technical issue. That misfortune shuttered the media giant’s online operations for roughly two hours in the middle of August.

From the LA Times:

The New York Times website was down Wednesday morning because of “technical difficulties,” the newspaper said.

Users trying to access nytimes.com were greeted by an error message.

This isn’t the first time the Times has dealt with hackers. In January, the Times’ reported that Chinese-born attacks that lasted for roughly four months.

From ARS Technica:

The e-mail accounts of several reporters who worked on a story critical of the family of Chinese prime minister Wen Jiabao were infiltrated, and the passwords of every single New York Times employee were stolen. However, there is no evidence that information about sources for the stories on the Wen family was obtained, Times Executive Editor Jill Abramson said.

Recently, after laying low for months, that group of hackers re-emerged, according to the magazine.

The hacking team suspected of infiltrating New York Times computers for four months has resurfaced with new attack tools after months of lying low, security researchers said. The group, commonly known as APT 12, has for years engaged in a series of computer intrusions designed to obtain sensitive information from government agencies, military contractors, journalists, and others. According to a blog post published Monday by research firm FireEye, the gang went silent after the exposure of the four-month hacking campaign, which the NYT said was in response to a story critical of the family of Chinese prime minister Wen Jiabao.

The Times

As of about 6:30, the NYT’s website was running over http://170.149.168.130/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s