SAN JOSE, Calif. —
Readers who tried to click on the New York Times’ website got nothing but error
messages Tuesday in its second major disruption this month. A hacker group
calling itself the “Syrian Electronic Army” claimed responsibility.
Within minutes of the attack, the New York Times announced
in a Twitter message that it would continue to publish news. The company
quickly set up alternative websites, posting stories about chemical attacks in
Syria. “Not Easy to Hide a Chemical Attack, Experts Say,” was the headline of
one.
The cyberattacks come at a time when the Obama
administration is trying to bolster its case for possible military action
against Syria, where the administration says President Bashar Assad’s
government is responsible for an alleged deadly chemical attack on civilians.
Assad denies the claim.
“Media is going down…” warned the Syrian Electronic Army in
a Twitter message before the websites stopped working, adding that it also had
taken over Twitter and the Huffington Post U.K.
Times spokeswoman Eileen Murphy said the disruption was
caused by a “malicious external attack” that affected its website and email,
while Twitter spokesman Jim Prosser said viewing of images and photos were
sporadically affected. Huffington Post UK did not respond to requests for
comment.
Both Twitter and the Times said they were resolving the
attack, which actually hit an Australian company that registered their domain
names, Melbourne IT. The firm did not respond to requests for comment. Tracking
the hack even further, computer forensics from security firm Renesys Corp.
traced the Internet protocol addresses back to the same ones as the Syrian
Electronic Army’s website sea.sy, which the firm said has been hosted out of
Russia since June.
The Syrian Electronic Army has, in recent months, taken
credit for Web attacks on media targets that it sees as sympathetic to Syria’s
rebels, including prior attacks at the New York Times, along with the
Washington Post, Agence France-Press, 60 Minutes, CBS News, National Public
Radio, The Associated Press, Al-Jazeera English and the BBC.
FBI spokeswoman Jenny Shearer at the Washington D.C.
headquarters said the agency has no comment on Tuesday’s attack.
Tuesday’s victims were hit by a technique known as “DNS
hijacking,” according to Robert Masse, president of Montreal, Canada-based
security startup Swift Identity.
The technique works by tampering with domain name servers
that translate easy-to-remember names like “nytimes.com” into the numerical
Internet Protocol addresses (such as “170.149.168.130″) which computers use to
route data across the Internet.
Domain name servers work as the Web’s phone books, and if
attackers gains access to one, they can funnel users trying to access sites
like The New York Times or Twitter to whichever rogue server they please. Masse
said DNS attacks are popular because they bypass a website’s security to attack
the very architecture of the Internet itself.
“Companies spend a lot of time, money, resources and
defending their servers, but they forget about auxiliary infrastructure that is
integrally connected to their networks, like DNS.”
Cybersecurity experts said hijacking attacks are preventable
if website administrators are meticulous about what code they bring into their
sites.
“As this incident illustrates, any time you integrate third
party code into your site, it presents a new attack vector for hackers. You
must not only ensure your own code is secure, but you must also rely upon third
parties’ security practices,” said Aaron Titus, a privacy officer and attorney
at New York-based privacy software firm Identity Finder.
Michael Fey, a chief technology officer at Santa Clara,
Calif. based cybersecurity firm McAfee, said Tuesday that as long as media
organizations play a critical role as influencers and critics, they will
continue to be targets of cyber-attacks.
He said the battle tactics are broad, from denial of service
attacks, to targeted attacks using social engineering and to deploying
information-gathering Trojans.
“Regardless of technology or tactics deployed, we should
expect to see more of these attacks,” he said.
No comments:
Post a Comment