CyberWar: Syrian Electronic Army Targets New York Times and Twitter

Escalation

Today a hacker gang loyal to Syrian despot Bashar al-Assad called the Syrian Electronic Army managed to take over the domain name servers for the New York Times. Wired reports: ‘Syrian Electronic Army’ Takes Down the New York Times.

There’s no evidence that the Times’ internal systems were compromised. Instead, the attackers got control of the nytimes.com domain name this afternoon through the paper’s domain name registrar, Melbourne IT, then set it to map to a Russian hosting service delivering the message. Judging from the response on Twitter, some visitors were served a large image of the hacker group’s logo, but most just got timeout errors.

That wasn’t all. SEA also hijacked the DNS for one of Twitter’s domain names, twimg.com, which is used for serving images. Twitter’s status blog has a report: Twitter Status - Twitter Service Issue.

At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident.

Since DNS lookup results can be cached for unpredictable amounts of time, some people are still experiencing problems. Here at LGF, we’re seeing some of these problems with embedded tweets in comments — sometimes they’re not being displayed properly because the twimg.com servers are still unreachable.
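An added example, not part of the original post: a small monitor that compares observed name-server delegations against a pinned baseline and, for the caching effect described above, estimates how long resolvers may keep serving the changed records after the delegation is restored. The domain names, TTLs and observation records are constructed; only the 20:49 and 22:29 UTC times mirror the Twitter status note.

```python
from datetime import datetime, timedelta, timezone

# Pinned delegation for a zone the defender operates (constructed names).
BASELINE = {"example-news.test": {"ns1.dns-host.test", "ns2.dns-host.test"}}

# Constructed observations: (UTC time, domain, NS set seen at the parent zone, TTL in seconds).
# The 20:49 and 22:29 times mirror the status note; the 86400 s TTL is an assumption.
OBSERVATIONS = [
    ("2013-08-27T20:40:00", "example-news.test", ["ns1.dns-host.test", "ns2.dns-host.test"], 172800),
    ("2013-08-27T20:49:00", "example-news.test", ["NS1.rogue-host.test.", "ns2.rogue-host.test."], 86400),
    ("2013-08-27T21:30:00", "example-news.test", ["ns1.rogue-host.test", "ns2.rogue-host.test"], 86400),
    ("2013-08-27T22:29:00", "example-news.test", ["ns1.dns-host.test", "ns2.dns-host.test"], 172800),
]

def normalise(names):
    """Lower-case and strip the trailing root dot so comparisons are stable."""
    return {n.lower().rstrip(".") for n in names}

def find_hijack_windows(observations, baseline):
    """Return one record per period in which a domain had unexpected name servers."""
    open_windows, results = {}, []
    for ts, domain, ns, ttl in sorted(observations, key=lambda o: o[0]):
        when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        rogue = normalise(ns) - baseline[domain]
        win = open_windows.get(domain)
        if rogue:
            if win is None:
                win = {"domain": domain, "start": when, "rogue_ns": set(), "max_ttl": 0}
                open_windows[domain] = win
                results.append(win)
            win["rogue_ns"] |= rogue
            win["max_ttl"] = max(win["max_ttl"], ttl)
        elif win is not None:
            # Delegation is back to baseline. A resolver that cached the rogue
            # records just before this point may serve them for up to max_ttl more.
            win["restored"] = when
            win["stale_until"] = when + timedelta(seconds=win["max_ttl"])
            del open_windows[domain]
    return results

if __name__ == "__main__":
    for w in find_hijack_windows(OBSERVATIONS, BASELINE):
        print(w["domain"], sorted(w["rogue_ns"]), "changed", w["start"].isoformat(),
              "restored", w["restored"].isoformat() if "restored" in w else "not yet",
              "cache risk until", w.get("stale_until"))
```

With these constructed records the delegation is back to baseline after 100 minutes, but the cache-risk window runs a full day past the restore time, which is why some visitors keep seeing failures after the record is fixed.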

Needless to say, this is a pretty serious cyber-attack against two very large, very visible US organizations. It was probably achieved with a technique called DNS Cache Poisoning.

UPDATE at 8/27/13 4:51:27 pm

Apparently the UK branch of the Huffington Post was also hijacked.

If the SEA had really wanted to do damage, they could have set up fake websites that looked exactly like the NYT or HuffPo, and collected who knows how many usernames and passwords from people logging in to the fake websites.

That’s the insidious thing about a DNS hijack — you have no way of knowing you’re not at the real site, if the attacker goes to the trouble of preparing an authentic-looking fake.

UPDATE at 8/27/13 6:37:51 pm

OpenDNS reports that popular social sharing site ShareThis was also targeted: High Profile Domains Under Siege | OpenDNS Blog.
