The New York Times and Twitter websites were both targeted in a hacking attack the Syrian Electronic Army (SEA) has been accredited with. The hacker group has taken credit for a number of different web attacks over the past few months – including the Washington Post, The Daily Telegraph, the BBC, The Associated Press, and Al-Jazeera – targetting sources that it believes have shown support and are sympathetic to Syria’s rebels.
The New York Times was affected the most by the attack, with its website brought down for a number of hours. The newspaper was swift in reacting to the attack however, setting up alternative links and web pages within minutes. Full service was restored early on Wednesday morning.
“Our website was unavailable to users in the United States for a time on Tuesday,” the New York Times stated in a post on its website.
“The disruption was the result of an external attack on our domain name registrar, and we are at work on fully restoring service. We regret if this has caused you any inconvenience.”
Twitter fared much better under attack from the SEA, with the social media giant stating the “viewing of images and photos was sporadically impacted” by the hack. One of the domains Twitter uses for its image service, twimg.com, was the target of the attack, so access to the main Twitter website would have been largely unaffected. Full service was restored within two hours.
The SEA also took credit for taking down the Huffington Post UK website, posting an image of the web page down to its Twitter page. The newspaper has yet to comment on the extent to which its website was affected by the hacks however.
The hacks took place through Melbourne IT, an Australian web hosting company that registered the domain names of the target websites. The chief executive of Melboune IT, Theo Hnarakis, said the hackers were able to access the New York Times’ domain using the correct username and password:
“They came in through the front door. If you have got a valid username and password . . . the assumption from our systems is that you are the authorised owner and user of that domain name.” Hnarakis said.
Chief information officer for The New York Times, Marc Frons, said in an interview that these recent hacks were more sophisticated and required more skill than the attacks made by the SEA earlier this year:
“In terms of the sophistication of the attack, this is a big deal,” Mr Frons said. “It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites.”