USA TODAY International Edition
‘ New York Times’ outage shows Web weakness
Vulnerable domain name systems attacked.
The New York Times’ website was back in business Wednesday, a day after it was hacked by what appears to be the Syrian Electronic Army.
“The situation is close to being fully resolved,” said Times spokeswoman Eileen Murphy, in a statement. “Our traffic levels are almost back to normal, but there may be instances of some ISPs ( Internet service providers) having not yet restored the proper DNS records.”
The SEA, a group of hackers who support Syrian President Bashar Assad, claimed responsibility online and said it also hacked Twitter’s sites. The hackers seem to have gained access to the sites through Melbourne IT, an Australian company that specializes in website domain name registration.
The Times’ website first crashed at about 3 p. m. ET Tuesday and was still down early Wednesday. It was pretty much back in action by midmorning.
Domain name systems, or DNS, index and match domain names — like NYTimes. com — to their numerical Internet addresses, which can be read by computers and servers. It is the second failure of the
Times’ site in two weeks. It went dark on Aug. 14 due to what the publication said then was an internal problem, not the result of hacking.
Marc Frons, chief information officer for The New York Times Co., didn’t directly blame the Syrian Electronic Army. But he told New York
Times staffers in a memo Tuesday that the problem appeared to be the work of the SEA or “someone trying very hard to be them,” according to a report by The New York Times.
Twitter and The Huffington Post also said that their websites had been affected by DNS attacks. For Twitter, the Tuesday attack on its website used for images resulted in users having trouble viewing photos. The
Huffington Post said Wednesday morning it had experienced “mini- mal disruption,” adding everything had come back to normal.
Corporate websites’ domain name systems remain particularly vulnerable to hacker attacks, said Gunter Ollmann, chief technology officer of Internet security firm IOActive. “It’s a very complex equation,” he said. “There are soft points.”
Melbourne IT blamed one of its distributors for the security breach, saying the hackers gained access to its account. A targeted phishing attack — in which hackers seek to gain personal information, such as the user name and password, with enticing e- mails — was used to obtain the credentials of the users of the distributor’s account, the company said.
The information was then used to manipulate the DNS records of several domain names on that distributor’s account — including NYTimes. com — and direct readers to another site.
Melbourne IT said it restored the affected DNS records back to their previous settings and took measures to prevent further intrusions.
Such attacks underscore the vulnerability of media sites that are becoming increasingly complex as they integrate more software and content from vendors, including “widget” developers and advertising networks.
Media sites need to be particularly vigilant in monitoring attacks as they are attractive to hackers with an agenda, Ollmann said. “If the website of GE or The New York Times went down, which is going to generate more attention?”
“Registrars really need to run a tighter ship,” said Paul Ferguson, vice president of threat intelligence at Internet security company IID. “This seems to continually happen, and each time it further erodes trust in the entire system.”