The New York Times was back online Wednesday morning after a hack of Internet registrar MelbourneIT allowed the Syrian Electronic Army to compromise the newspaper's website.
The site was still experiencing intermittent connection issues, though. For those unable to access NYTimes.com, the paper is also publishing stories on news.nytco.com.
In a blog post explaining the hack, Matthew Prince, CEO of security firm CloudFlare, categorized it as a "very spooky attack" since "MelbourneIT is known for having higher security than most registrars."
In a note to customers posted on the CloudFlare blog, MelbourneIT said the username and password of a company reseller was accessed and used to change the DNS records of several domain names. MelbourneIT's blog is currently offline, reportedly after being hacked by the SEA, the group said on its Twitter feed.
As CloudFlare explained, website owners purchase and manage domains through organizations known as registrars like MelbourneIT, which also handles Twitter and The Huffington Post.
"When you visit NYTimes.com your browser looks up the domain against the Internet's DNS network. The first step in that request is a query to a recursive DNS provider," Prince wrote.
"Recursive DNS providers follow the DNS chain, starting at the root, then the TLD registry, then ultimately to whatever is listed as the authoritative name server for the domain," he continued. "In order to lighten the load upstream, recursive DNS providers cache results for a limited period of time known as a TTL. Compromising any step in the DNS chain would allow an attacker to take over some or all traffic destined for a site. That's exactly what happened today."
Technical teams from CloudFlare, OpenDNS and Google, meanwhile, found malware on the site to which the NYTimes.com site was redirected. In searching for other domains that had been altered by the SEA, the team found updates to records for Twitter and the Huffington Post. "These organizations also used MelbourneIT, suggesting that the compromise was more than just the NYT's account," Prince said.
Prince said CloudFlare does not yet have details about exactly how the hack was accomplished. For the most part, the SEA has focused on phishing schemes - sending emails with links that redirect to sites that request log-in information for familiar sites like Gmail. The sites are dummy sites, however, and people are simply handing over their email usernames and passwords to the SEA. The organization has used this information to hack into email accounts, find log-in information for things like Twitter accounts, and deface those accounts. It's unclear if a similar tactic was used here; the SEA has not elaborated on its methods.
Twitter.com remained online during the attack, though the U.K. version was inaccessible for a time. Some users had trouble loading images, however, a problem that persisted today. The SEA tweeted this morning that it "placed twitter in darkness as a sign of respect for all the dead #Syria-ns due to the lies tweeted it."
The Syrian Electronic Army emerged in September. The hackers reportedly started attacking Western websites in retaliation for Innocence of Muslims, an anti-Islamic video that resulted in violent demonstrations in the Middle East. They have since been targeting news sites they believe are reporting news hostile to the Syrian government, including the Financial Times, The Guardian, the BBC, and even The Onion. Chat apps like Tango and Viber were also attacked.
This latest hack comes as the U.S. weighs strikes on Syria in response to President Bashar al-Assad's use of chemical weapons.
When members of the Anonymous hacking collective quizzed the SEA about the use of chemical weapons on innocent civilians, the SEA responded that "it was the way to strike Syria, after the terrorists failed in their mission to toppling the government."
Get Our Best Stories!
Sign up for What's New Now to get our top stories delivered to your inbox every morning.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
Read the latest from Chloe Albanesius
- 7 Must-Try Features Coming to Your iPhone With iOS 18
- Everything Apple Announced at Its iPhone 16 'Glowtime' Event
- iPhone 16 Adds 'Camera Control' Button, But No Apple Intelligence (Yet)
- Hulu Is How Much?! Your Guide to Streaming Service Costs and Price Hikes
- Last Chance: 18 PCMag Award-Winning Products That are Still on Sale
- More from Chloe Albanesius
