News

New York Times, Twitter hacked by Syrian group

New York Times, Twitter hacked by Syrian group

A man speaks on his mobile phone in front of the New York Times building in New York City May 21, 2009. Photo: Reuters/Joel Boh

By Gerry Shih and Joseph Menn

SAN FRANCISCO (Reuters) – Media companies, including the New York Times, Twitter and the Huffington Post, lost control of some of their websites Tuesday after hackers supporting the Syrian government breached the Australian Internet company that manages many major site addresses.

The Syrian Electronic Army (SEA), a hacker group that has attacked media organizations it considers hostile to Syrian President Bashar al-Assad, claimed credit for the Twitter and Huffington Post hacks in a series of Twitter messages.

Security experts said electronic records showed that NYTimes.com, the only site with an hours-long outage, redirected visitors to a server controlled by the Syrian group before it went dark.

New York Times Co spokeswoman Eileen Murphy tweeted the “issue is most likely the result of a malicious external attack”, based on an initial assessment.

The Huffington Post attack was limited to the blogging platform’s British web address. Twitter said the hack led to availability issues for 90 minutes but that no user information was compromised.

The attacks came as the Obama administration considers taking military action against the Syrian government, engaged in a civil war against rebels for more than two years.

In August, hackers promoting the Syrian Electronic Army targeted websites belonging to CNN, Time and the Washington Post by breaching a third party service used by those sites.

The SEA managed to gain control of the sites by penetrating MelbourneIT, an Australian Internet service provider that sells and manages domain names including Twitter.com and NYTimes.

The New York Times, which identified MelbourneIT as its domain name registrar and the main hacking victim, told employees not to send sensitive emails from corporate accounts.

MelbourneIT tracked the breach to an Indian Internet service provider, saying two staff members from one of their resellers opened a fake email seeking login details.

“The SEA went after the company specifically to create a high-profile event,” CEO Theo Hnarakis told Reuters. “This was quite a sophisticated attack.”

One staff member was the direct manager of the NYTimes domain, along with other media companies and had the login and password information of the company in his email, which the hackers accessed.

Hnarakis confirmed that other media organizations were also attacked, but this proved unsuccessful as their customers used a secondary security measure known as a registry lock.

MelbourneIT said it restored the correct domain name settings, changed the password on the compromised account, and locked the records to prevent further alterations.

Twitter did not respond to requests for comment. In a blog post, the company said “it appears DNS (domain name system) records for various organizations were modified, including one of Twitter’s domains used for image serving, Twimg.com. Viewing of images and photos was sporadically impacted.”

HACKERS LIMITED TARGETS, SAY EXPERTS

Jaeson Schultz, a Cisco Systems researcher, said that in the authoritative records known as WHOIS the Syrian Electronic Army listed itself as the contact for all of Twitter.com, which would have given it the power to take the site offline or place its own content there.

“It seems that their message is redirecting people back to their own website for news about the SEA or about Syria,” Schultz said. “They don’t seem to be interested in infecting end users, which is a good thing.”

Hackers who successfully break into MelbourneIT’s systems could potentially redirect and intercept emails sent to addresses under certain domains, researchers said. And users of sites that do not begin with “https” could have been fooled into entering passwords that could have been captured, said Jaime Blasco, a researcher with security firm AlienVault.

Because MelbourneIT serves as the registrar for some of the best known domain names on the Internet, including Microsoft.com and Yahoo.com, Tuesday’s breach could have had potentially catastrophic consequences.

“This could’ve been one of the biggest attacks we’ve ever seen, if they were more subtle and more efficient about it,” said HD Moore, the chief research officer at Rapid7, a cyber security firm. “They changed just a few sites, but if they had actually gone all out, they could’ve had most of the Internet watching them run the show.”

Media companies, largely ignored by hackers until 2011, have since been targeted by pranksters and suspected Chinese agents, as well as partisans in the Middle East.

Recent Headlines

in Sports

TNF: Saints take over first after first road win

Fresh
New Orleans Saints' Drew Brees warms up before an NFL wild-card playoff football game against the Philadelphia Eagles, Saturday, Jan. 4, 2014, in Philadelphia.

The 4-4 Saints piled up 375 yards to snap a seven-game losing streak on the road that dated back to last November.

in Sports

NCAA denies Georgia’s appeal of Gurley suspension

Fresh
Georgia running back Todd Gurley (3) celebrates with linebacker Amarlo Herrera (52) after an NCAA college football game against Tennessee Saturday, Sept. 27, 2014, in Athens, Ga. Georgia won 35-32.

The NCAA has upheld its four-game suspension of Georgia tailback Todd Gurley.

in Sports

Knicks spoil James’ homecoming

Fresh
Cleveland Cavaliers' LeBron James (23) brings the ball up against Maccabi Tel Aviv in the second quarter of a preseason exhibition basketball game Sunday, Oct. 5, 2014, in Cleveland.

The New York Knicks ruined the megastar's emotional homecoming with a 95-90 victory over the Cavaliers on Thursday night.

in Sports

Winston, Florida State rally to beat Louisville

Fresh
Florida State quarterback Jameis Winston (5) signs autographs after an NCAA college football game against Syracuse on Saturday, Nov. 16, 2013 in Tallahassee, Fla. Florida State beat Syracuse 59-3.

Dalvin Cook had two long scoring runs to help second-ranked Florida State rally for a 42-31 victory over Louisville on Thursday night.

in Entertainment

REVIEW: ‘Birdman’ could be the best film of 2014

In this image released by Fox Searchlight Pictures, Michael Keaton portrays Riggan in a scene from "Birdman."

You’ve heard the buzz for Michael Keaton's "Birdman." It’s loud and it's merited.

Bellingham Traffic