Sign in with
Sign up | Sign in

Syrian Group Claims Recent Twitter, New York Times Hacks

By - Source: Reuters | B 3 comments

The attack had the potential to be huge.

On Tuesday the Syrian Electronic Army (SEA) took credit for a number of website outages that affected The New York Times, the Huffington Post and even Twitter. The hacker group is known for attacking media organizations that it considers hostile to the regime of Syrian president Bashar al-Assad, and just recently assaulted sites belonging to CNN, Time and the Washington Post.

The NYTimes.com website was reportedly the only one in the group on Tuesday that suffered an hour-long outage. Visitors were reportedly redirected to a server owned by the hacking group before the DNS issue was corrected. The Huffington Post attack was limited to the site's U.K. web address, and Twitter said the attack merely caused partial availability issues for an hour and a half – no user information was obtained.

MORE: Future Browsers Will Protect You From Spying

"Our DNS registrar experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com," Twitter stated on Tuesday. "Viewing of images and photos was sporadically impacted."

The SEA group reportedly managed to disrupt the service of these three websites by penetrating Australian internet service provider MelbourneIT, which sells and manages domain names including Twitter.com and NYTimes.com. The ISP said two staff members at one of its resellers opened a fake email seeking login details, thus causing the account hacking.

According to the report, one of the reseller staff members was the direct manager of the NYTimes domain, along with other media companies, and had account login credentials stashed away in his email account. Once the fake email was opened and its package unleashed (presumably malware), the hackers took the acquired credentials, logged in to the MelbourneIT account, and changed the DNS settings to direct the NYTimes website to the SEA-owned server.

The ISP confirmed that other media companies were attacked as well, but the attempts were unsuccessful due to domain registry locks. MelbourneIT said it restored the correct domain name settings and changed the login credentials on the main compromised account. MelbourneIT also controls a number of highly-visited web domains including Microsoft.com and Yahoo.com, meaning the attack could have been a lot worse.

"This could've been one of the biggest attacks we've ever seen, if they were more subtle and more efficient about it," said HD Moore, the chief research officer at Rapid7, a cyber security firm. "They changed just a few sites, but if they had actually gone all out, they could've had most of the Internet watching them run the show."

The attacks are believed in retaliation against the Obama administration as Washington considers taking action against the Syrian government, which has been locked in a bloody battle with rebels for more than two years.

Follow us @tomsguide, on Facebook and on Google+.

Discuss
Display 3 comments.
This thread is closed for comments
  • 1 Hide
    adimeister , August 28, 2013 10:24 PM
    This Syria vs USA is going to be the real life Splinter Cell: Blacklist

    PS: I know Blacklist is an inside job of some ex US MI-6. Just having some humor here
  • 0 Hide
    stingstang , August 29, 2013 9:58 AM
    We've been 'considering' an invasion or whatever of Syria for those last 2 years there have been serious problems. The news reminds us that there are still discussions, and now everyone's hands shoot up all "OMG!" like it's just now a big deal.
    Later today: Reports that North Korea is considering nuking South Korea. WAAAAA?!
  • 0 Hide
    nieur , August 30, 2013 11:51 AM
    Now what?
    US is trying to find new base for their troops in Afghanistan once they are withdrawn.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter