The New York Times is still feeling the effects of a Tuesday afternoon attack on its Web site. The hack was claimed by a group known as the Syrian Electronic Army, which also asserted responsibility for a similar attack on social networking site Twitter.
Tuesday’s intrusions were the most sophisticated in a series of attacks on high-profile Western media organizations, including The Washington Post and the Associated Press. The hackers use the attacks to broadcast their support of Syrian President Bashar al-Assad, although the group has never been found to have any official ties to his regime.
Little is known about the group, which appears to made up of mostly younger people. To date, no person has ever been arrested for being a member.
Neither Twitter nor the Times has confirmed that the attacks were the result of efforts by the SEA, although there is evidence suggesting the group was behind both.
The attackers were able to disrupt the Web sites owned by the Times and Twitter by accessing the records of an Australian firm, Melbourne IT, which registers domain names, such as nytimes.com, and stores directory records for those Web sites. The hackers then altered the information on these records, which allowed them to prevent users from seeing the Times’ s Web site.
In some cases, users were also redirected to a page with what appeared to be the SEA’s logo. The contact information on the records for the Times and Twitter sites was changed to Web properties tied to the Syrian Electronic Army.
Times spokeswoman Eileen Murphy confirmed that the attack on the newspaper’s Web site was the result of a “external attack on our domain name registrar.” In a statement to The Washington Post, Melbourne IT said that hackers were able to gain access to the sites by obtaining log-in credentials to a third-party company responsible for maintaining the records of Web sites, including nytimes.com.
The SEA, in the past, has obtained user names and passwords by “phishing,” or sending legitimate-looking e-mails that ask people to enter their log-in credentials. That appears to have happened in this case, according to Melbourne IT.
While the registrar said that it has corrected the records and taken steps to prevent similar attacks in the future, it can take some time for the changes to go into effect. As of Wednesday morning, the Times’ s Web site was still inaccessible for many users, prompting the newspaper to also publish stories to an alternate Web site.
Follow The Post’s new tech blog, The Switch, where technology and policy connect.