NY Times site, Twitter hacked

2013-08-28 08:20
Hacking kit. (Peter Dejong, AP/File)

Hacking kit. (Peter Dejong, AP/File)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

San Jose - Readers who tried to click on the New York Times' website got nothing but error messages on Tuesday afternoon during the site's second major disruption this month, and people also had trouble accessing Twitter.

A hacker group calling itself the "Syrian Electronic Army" claimed responsibility.

Within minutes of the attack, the New York Times quickly set up alternative websites, posting stories about chemical attacks in Syria. "Not Easy to Hide a Chemical Attack, Experts Say", was the headline of one.

The cyber attacks come at a time when the Obama administration is trying to bolster its case for possible military action against Syria, where the administration says President Bashar Assad's government is responsible for a deadly chemical attack on civilians. Assad denies the claim.

"Media is going down..." warned the Syrian Electronic Army in a Twitter message before the websites stopped working, adding that it also had taken over Twitter and the Huffington Post UK.

Australian company

Times spokesperson Eileen Murphy said the disruption was caused by a "malicious external attack" that affected its website and e-mail, while Twitter spokesperson Jim Prosser said the viewing of images and photos was sporadically affected. Huffington Post UK did not respond to requests for comment.

Both Twitter and the Times said they were resolving the attack, which actually hit an Australian company that registered their domain names, Melbourne IT.

Melbourne IT spokesperson Tony Smith said a reseller's username and password were used to access several domain names on that reseller's account. Several of those domain names were changed, including the Times' domain.

Once Melbourne IT was notified, the company restored the affected DNS records to their previous values and locked the affected records from any further changes, Smith said. It also changed the reseller's credentials so no further changes could be made.

"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," Smith said in an e-mail.

"We will also review additional layers of security that we can add to our reseller accounts," he added.

Tracking the hack even further, computer forensics from security firm Renesys traced the Internet Protocol addresses back to the same ones as the Syrian Electronic Army's website sea.sy, which the firm said has been hosted out of Russia since June.

'DNS hijacking'

A Syrian Electronic Army activist confirmed to The Associated Press that the group hijacked the Times' and Twitter's domains by targeting Melbourne IT.

"I can't say how, but yes we did hit Melbourne IT," the hacker said in an e-mail. No further details were disclosed.

The Syrian Electronic Army has, in recent months, taken credit for web attacks on media targets that it sees as sympathetic to Syria's rebels, including prior attacks at the New York Times, along with the Washington Post, Agence France-Press, 60 Minutes, CBS News, National Public Radio, The Associated Press, Al-Jazeera English and the BBC.

FBI spokesperson Jenny Shearer in Washington said the agency has no comment on Tuesday's attack.

Tuesday's victims were hit by a technique known as "DNS hijacking", according to Robert Masse, president of Montreal, Canada-based security start-up Swift Identity.

The technique works by tampering with domain name servers that translate easy-to-remember names like "nytimes.com" into the numerical Internet Protocol addresses (such as "170.149.168.130") that computers use to route data across the internet.

Code

Domain name servers work as the web's phone books, and if attackers gains access to one, they can funnel users trying to access sites like The New York Times or Twitter to whichever rogue server they please. Masse said DNS attacks are popular because they bypass a website's security to attack the very architecture of the internet itself.

"Companies spend a lot of time, money, resources and defending their servers, but they forget about auxiliary infrastructure that is integrally connected to their networks, like DNS."

Cyber security experts said hijacking attacks are preventable if website administrators are meticulous about what code they bring into their sites.

"As this incident illustrates, any time you integrate third-party code into your site, it presents a new attack vector for hackers. You must not only ensure your own code is secure, but you must also rely upon third parties' security practices," said Aaron Titus, a privacy officer and attorney at New York-based privacy software firm Identity Finder.
Read more on:    twitter  |  cybercrime

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.
NEXT ON NEWS24X

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
2 comments
Comments have been closed for this article.

Inside News24

 
/News

Book flights

Compare, Book, Fly

Traffic Alerts
There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.




Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.