The New York Times website was down today due to a “malicious external attack,” with the group responsible alleged to be the Syrian Electronic Army (SEA). The attack involved redirecting requests from nytimes.com to a domain operated by the SEA. The Verge notes that the attack’s timing “coincides with US declarations that Syria should be held accountable for its chemical strikes,” with multiple users reportedly seeing this image when trying to visit the site:
The attack targeted the site's DNS host, so users were technically still able to access the website by going directly to the NYT IP address, which is 220.127.116.11. According to Matt Johansen of White Hat Security, this DNS report for the Times website shows that the DNS nameserver had been changed to direct users to a different IP address associated with the SEA:
After approximately three hours of technical difficulties, the NYT website returned to normal and the Times issued this statement:
The New York Times Web site was unavailable to readers on Tuesday afternoon following an attack on the company’s domain name registrar, Melbourne IT. The attack also required employees of The Times to stop sending out sensitive e-mails.
Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. warning employees that the disruption — which appeared to still be affecting the Web site as of 5:50 p.m. — was “the result of a malicious external attack by the Syrian Electronic Army or someone trying very hard to be them.” He advised employees to “be careful when sending e-mail communications until this situation is resolved.”
Several people on Twitter said they believed it was the work of the Syrian Electronic Army, a group of hackers who support President Bashar al-Assad of Syria. Matt Johansen, head of the Threat Research Center at White Hat Security, posted on Twitter that he was directed to a Syrian Web domain when he tried to access The Times’s Web site.
Until now, The Times has been spared from being hacked by the Syrian Electronic Army, which has successfully disrupted the Web operations of news organizations like The Financial Times. On Aug. 15, the group hacked The Washington Post’s Web site through a third-party service provided by a company called Outbrain. At the time, the Syrian Electronic Army also tried to hack CNN. Some information security experts said the group also appeared to be ready to hack The New York Times Web site that day.
In a post on Twitter Tuesday afternoon, The Syrian Electronic Army also said it had hacked the administrative contact information for Twitter’s domain name registry records. According to the Whois.com lookup service, the Syrian Electronic Army was listed on the entries for Twitter’s administrative name, technical name and e-mail address.
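The two symptoms reported above, a changed nameserver set and altered Whois contact fields, are both visible from outside the registrar, so a domain owner can watch for them by comparing live records against a pinned baseline. The sketch below is an added example, not part of the original article or the Times statement; every domain, nameserver and e-mail address in it is a constructed sample, and the inputs are assumed to have the shape of `dig +short NS` output and `key: value` Whois lines.

```python
# Added example: baseline comparison for registrar-level DNS tampering.
# All domain names, nameservers and contacts below are constructed samples.

BASELINE = {
    "example.com": {
        "ns": {"ns1.dns-host.example", "ns2.dns-host.example"},
        "contacts": {"admin_email": "hostmaster@example.com",
                     "tech_email": "hostmaster@example.com"},
    }
}

# Constructed observation, in the shape of `dig +short NS` output and
# key: value lines from a WHOIS response.
OBSERVED_NS = """\
NS1.Attacker-Dns.Example.
ns2.attacker-dns.example.
"""
OBSERVED_WHOIS = """\
Admin Email: someone@attacker.example
Tech Email: hostmaster@example.com
"""

def parse_ns(text):
    """Normalise nameserver hostnames: lower-case, no trailing dot."""
    return {line.strip().rstrip(".").lower() for line in text.splitlines() if line.strip()}

def parse_whois_contacts(text):
    """Pull 'Admin Email' / 'Tech Email' style fields into snake_case keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower().replace(" ", "_")] = value.strip().lower()
    return fields

def check_domain(domain, ns_text, whois_text, baseline=BASELINE):
    """Return a list of findings; an empty list means the records match."""
    expected = baseline[domain]
    findings = []
    seen_ns = parse_ns(ns_text)
    if seen_ns != expected["ns"]:
        # Report both the unexpected servers and the expected ones now missing.
        findings.append(("ns_changed", sorted(seen_ns - expected["ns"]),
                         sorted(expected["ns"] - seen_ns)))
    seen = parse_whois_contacts(whois_text)
    for field, want in expected["contacts"].items():
        if seen.get(field) != want:
            findings.append(("contact_changed", field, seen.get(field)))
    return findings

if __name__ == "__main__":
    for finding in check_domain("example.com", OBSERVED_NS, OBSERVED_WHOIS):
        print(finding)
```

Run on a schedule against real lookups, any non-empty result is a reason to contact the registrar and confirm the account and any registry lock are intact.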