73
SAN JOSE, Calif. >> Readers who tried to click on the New York Times’ website got nothing but error messages this afternoon in its second major disruption this month, with a group calling itself “The Syrian Electronic Army” claiming responsibility.
Within minutes of the attack, the New York Times announced in a Twitter message that it would continue to publish the news. The site published two reports over two hours on chemical attacks in Syria. The news organization also set up an alternative news site, news.nytco.com.
The cause of today’s service problems at the New York Times was unknown, but the behavior was consistent with a hacking attack that hijacks control of a site from its administrators.
Times officials did not immediately return phone and email messages for comment. In a Twitter message, Times spokeswoman Eileen Murphy said the cause was a “malicious external attack.”
Two weeks ago, the Times’ website suffered an outage that the company blamed on a server problem.
The Syrian Electronic Army has, in recent months, taken credit for Web attacks on media targets that it sees as sympathetic to Syria’s rebels. The SEA claims to have hacked the Washington Post, and Twitter feeds of several news organizations including The Associated Press, Al-Jazeera English and the BBC.
The group said in a Twitter message today that it also took over Twitter and Huffington Post U.K.
Twitter spokeswoman Christina Thiry said the company is looking into the claims.
Twitter and The New York Times were both hit by a technique known as “DNS hijacking,” according to Robert Masse, president of Montreal, Canada-based security startup Swift Identity.
The technique works by tampering with domain name servers that translate easy-to-remember names like “nytimes.com” into the numerical Internet Protocol addresses (such as “170.149.168.130”) which computers use to route data across the Internet.
Domain name servers basically work as the Web’s phone books, and if attackers gains access to one, they can funnel users trying to access sites like The New York Times or Twitter to whichever rogue server they please.
Masse said DNS attacks are popular because they bypass a website’s security to attack the very architecture of the Internet itself.
“Companies spend a lot of time, money, resources and defending their servers, but they forget about auxiliary infrastructure that is integrally connected to their networks, like DNS.”
The domains for both Twitter.com and the NYTimes.com today pointed to an Australian company called Melbourne IT, a “world leader in domain name registration.” Their spokesman did not immediately respond to comment. Renesys Corp. meanwhile tracked the Internet protocol addresses back to the same ones as the Syrian Electronic Army’s sea.sy which the firm said in a Twitter message has been hosted in Russia since June.
Michael Fey, a chief technology officer at Santa Clara, Calif. based cybersecurity firm McAfee, said today that as long as media organizations play a critical role as influencers and critics, they will continue to be targets of cyber-attacks.
He said the battle tactics are broad, from denial of service attacks, to targeted attacks using social engineering and to deploying information-gathering Trojans.
“Regardless of technology or tactics deployed, we should expect to see more of these attacks,” he said.
FBI spokeswoman Jenny Shearer at the Washington D.C. headquarters said the agency has no comment on the attack.
Cybersecurity experts said hijacking attacks are preventable.
“As this incident illustrates, any time you integrate third party code into your site, it presents a new attack vector for hackers. You must not only ensure your own code is secure, but you must also rely upon third parties’ security practices,” said Aaron Titus, a privacy officer and attorney at New York-based privacy software firm Identity Finder.
