Syrian Electronic Army Claims Cyber Attacks
BY JOANNA STERN, LAUREN EFFRON (@leffron831) and LEE FERRAN (@leeferran) | Aug 27, 2013, 4:49 PM
For the second time this month, the New York Times' website has gone down.
However, unlike the first outage on Aug. 14, which was blamed on server problems, the company said it believed today's outage was the result of an external "malicious attack."
"The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT," the Times wrote in an article published through a backup site this evening. "The attack also required employees of The Times to stop sending out sensitive e-mails."
Earlier today, a Twitter account allegedly belonging to the Syrian Electronic Army, a pro-Syrian-regime hacker collective, claimed to have taken over The New York Times website, Huffington Post UK's website and Twitter.com, by hacking into each of the sites' registry accounts, or what is known as a domain name server (DNS).
The account today tweeted first, "Hi @Twitter, look at your domain, its owned by #SEA :)," and posted a screen shot of what appeared to be the search results for Twitter's domain registry on the domain name registration database, Whois.DomainTools.com.
In the screen shot, it appeared that some of the contact information was changed so that it looked like the Syrian Electronic Army owned Twitter.com.
Then, the same account claimed it hacked into the New York Times' and Huffington Post UK's DNS accounts, making it appear as if the Syrian Electronic Army owned those sites, as well.
Melbourne IT released a statement this evening acknowledging an unknown party accessed a "reseller" account with a stolen ID and password and used that access to tamper with client domain names, including that of The New York Times. The company said it later reversed those changes.
"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," the statement said. "We will also review additional layers of security that we can add to our reseller accounts."
When asked what a hacker could do with a successful DNS attack, Brian Krebs, a cyber security blogger at KrebsOnSecurity.com who investigated the alleged attack, said, "What couldn't you do?"
"What DNS does is translate human-friendly domain names [like nytimes.com] into IP addresses and vice-versa. Essentially, if you hijack somebody's domain name server or alter their information, you can control where the computer sends the user online," said Krebs.
In a statement on the company's blog, Twitter said, "At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter's domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident."
Despite the claims from the Syrian Electronic Army's apparent account, Twitter.com and Huffington Post's UK site appeared to be functioning normally.
The New York Times' main website, however, appeared to remain down as of approximately 11 p.m. ET. It appeared the site went down or began to have performance issues starting at approximately 3:30 p.m. ET.
Whether the Syrian Electronic Army was responsible for the New York Times website being down remained to be confirmed. When asked by ABC News about any Syria links, New York Times spokeswoman Eileen Murphy had no comment.
Rick Holland, information security expert at Forrester Research, said that if the SEA was indeed behind today's attacks, "this is continued behavior that we have seen for the last couple of years. This isn't anything new for this group."
In the past, the same Twitter account claimed responsibility on behalf of the Syrian Electronic Army for an Aug. 15 attack on the Washington Post, as well as attacks on the websites for CNN and Time.
In recent months, the SEA has publicly taken credit for a series of high-profile cyber assaults, including taking over the Twitter feeds of prominent organizations such as The Associated Press, Reuters, The New York Post and the satirical news site The Onion.