CyberWar: Syrian Electronic Army Targets New York Times and Twitter
Today a hacker gang loyal to Syrian despot Bashar al-Assad called the Syrian Electronic Army managed to take over the domain name servers for the New York Times. Wired reports: ‘Syrian Electronic Army’ Takes Down the New York Times.
There’s no evidence that the Times’ internal systems were compromised. Instead, the attackers got control of the NYTimes.com domain name this afternoon through the paper’s domain name registrar, Melbourne IT, then set it to map to a Russian hosting service delivering the message. Judging from the response on Twitter, some visitors were served a large image of the hacker group’s logo, but most just got timeout errors.
That wasn’t all. SEA also hijacked the DNS for one of Twitter’s domain names, twimg.com, which is used for serving images. Twitter’s status blog has a report: Twitter Status - Twitter Service Issue.
At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident.
Since DNS lookup results can be cached for unpredictable amounts of time, some people are still experiencing problems. Here at LGF, we’re seeing some of these problems with embedded tweets in comments — sometimes they’re not being displayed properly because the twimg.com servers are still unreachable.
Needless to say, this is a pretty serious cyber-attack against two very large, very visible US organizations. It was probably achieved with a technique called DNS Cache Poisoning.
Apparently the UK branch of the Huffington Post was also hijacked.
If the SEA had really wanted to do damage, they could have set up fake websites that looked exactly like the NYT or HuffPo, and collected who knows how many usernames and passwords from people logging in to the fake websites.
That’s the insidious thing about a DNS hijack — you have no way of knowing you’re not at the real site, if the attacker goes to the trouble of preparing an authentic-looking fake.
OpenDNS reports that popular social sharing site ShareThis was also targeted: High Profile Domains Under Siege | OpenDNS Blog.