Syrian group cited as New York Times outage continues

As an outage of the New York Times website stretched into its second day Wednesday, evidence continued to mount that it was the result of an attack by the Syrian Electronic Army.

The group, loyal to Syrian President Bashar Al-Assad, has been behind multiple attacks on media websites in recent months and, on Twitter, took credit for a sophisticated hack that had hobbled the news site for roughly 20 hours.

“The @nytimes attack was going to deliver an anti-war message but our server couldn’t last for 3 minutes,” the group posted on its Twitter feed at about 9:40 Wednesday morning.

The attack came as governments in several countries considered military action in light of reports that Al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.

“Our website and domain are now down, but it was worth the attempt, for #Syria and world peace,” the group wrote later.

The group said their site was taken down because they violated their registration agreement.

People on Twitter began reporting the New York Times site was down as early as 3 p.m. ET Tuesday. Some users also reported difficulty accessing the Times’ mobile site and apps.

The newspaper posted a message on its Facebook page about 5 p.m. ET that said, “Many users are having difficulty accessing The New York Times online. We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack.”

New York Times chief information officer Marc Frons sent the same update internally to employees at 4:20 p.m. and advised them not to send out sensitive emails “until this situation is resolved,” according to a statement from the New York Times. The outage was the result of an attack on the company’s domain name registrar, Melbourne IT.

Twitter also was hampered briefly by a similar attack.

Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage.

The Syrian Electronic Army has frequently targeted the U.S. news media. The group has hacked into the Twitter feeds of the Associated Press and The Washington Post, and on August 15 they briefly hacked the websites of several major news organizations, including CNN, redirecting them to a SEA page.

Frons said Tuesday’s attack was more sophisticated than previous SEA hacks.

“It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites,” said Frons in the New York Times.

While the site was down, the New York Times continued to post articles at its numerical IP address, 170.149.168.130 and at news.nytco.com.

Tuesday’s episode was the Times’ second sustained website outage this month. The newspaper’s site also went down August 14 for several hours, an outage the newspaper blamed on “an internal issue.”

In an update on a company blog, Twitter confirmed that there was a DNS issue with one of the domains used to host images. “Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident,” said the post.

TM & © 2013 Cable News Network, Inc., a Time Warner Company. All rights reserved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

1 Comment

  • Techie Guest

    I suggest a closer look at the NYTimes.com outage. From an IT professional's perspective, the Times is causing their own outage today.

    Yesterday, the registrar was hacked to repoint the authoritative DNS nameservers to sea.sy, the Syrian Electronic Army's domain. That was fixed. However – as of today, the authoritative nameservers (that tell the world the correct IP address for nytimes.com) are pointing to the NYTimes' nameservers. This shows that the Times is causing their own outage today:

    (1) The website itself is up, via its correct IP address 170.149.168.130 .
    (2) A check of the WHOIS database, where the world looks for the nytimes.com IP address, shows the nameservers DNS.EWR1.NYTIMES.COM and DNS.SEA1.NYTIMES.COM. Not the SEA's domain.
    (3) The Times' nameservers are not reachable by their name, but they are reachable by IP. This can be proved by running the command "nslookup nytimes.com 170.149.168.134". The Times' nameservers are working fine, not down or overloaded. The only thing causing the nytimes.com outage right now, is that the NYTimes' own nameservers are not resolving correctly *within their own network that they have full control over*.

    Only the NYTimes' IT Department could be causing today's outage for the past 10+ hours.

Follow

Get every new post delivered to your Inbox.

Join 679 other followers