Create an FP account to save articles to read later and in the FP mobile app.

Sign Up

ALREADY AN FP SUBSCRIBER? LOGIN

Syrian Hacker Collective Knocks Out the New York Times

With the United States moving closer to military strikes in Syria, the Syrian Electronic Army, a pro-Assad hacking collective, isn’t content on the sidelines. On Tuesday, the group appeared to hit the New York Times’ website and managed to redirect some visitors to SEA-owned servers. For most Times readers, the outage, which began at about ...

By Elias Groll

August 27, 2013, 10:47 PM

With the United States moving closer to military strikes in Syria, the Syrian Electronic Army, a pro-Assad hacking collective, isn't content on the sidelines. On Tuesday, the group appeared to hit the New York Times' website and managed to redirect some visitors to SEA-owned servers.

With the United States moving closer to military strikes in Syria, the Syrian Electronic Army, a pro-Assad hacking collective, isn’t content on the sidelines. On Tuesday, the group appeared to hit the New York Times’ website and managed to redirect some visitors to SEA-owned servers.

For most Times readers, the outage, which began at about 3 p.m. and looks to be ongoing, came in the form of a fairly standard error message. But some users experienced something more sinister:

This is what happens when I visit the http://t.co/sZB2l78Lg5 pic.twitter.com/gzvuSrE7VE

— Seth Fiegerman (@sfiegerman) August 27, 2013

The SEA appears to have attacked the domain name system — the method by which IP addresses are matched to the names of websites — and used it to divert visitors away from the Times‘ servers and onto an SEA domain. The Times has acknowledged that it believes the outage is the result of "a malicious external attack" but has so far not said who it believes was behind the attack.

The SEA has not formally claimed responsibility for the hack, though its Twitter feed is full of gloating about the outage. And so far, all the evidence indicates that the Assad-affiliated collective was behind the attack. Matt Johansen, a researcher at WhiteHat Security, posted a photo of the Times‘ DNS registry, which seems to point to an SEA operation:

NYTimes DNS is compromised. Pointing to Syrian Electronic Army domain. http://t.co/wfJugHQ155 pic.twitter.com/Vhf35kuQAP

— Matt Johansen (@mattjay) August 27, 2013

The SEA is also claiming to have hacked Twitter’s domain, but it remains unclear whether the DNS registry has in fact been altered or whether it is just a cosmetic change. Twitter is reportedly investigating the claim.

Hi @Twitter, look at your domain, its owned by #SEA 🙂 http://t.co/ZMfpo1t3oG pic.twitter.com/ck7brWtUhK

— SyrianElectronicArmy (@Official_SEA16) August 27, 2013

But the group may not be done. The SEA claimed on Twitter that it has also gained control over the Huffington Post and Twitter’s UK domains.

The SEA now has an impressive rap sheet of media organizations that it has successfully attacked. Besides the Times, the SEA has hit the Washington Post, NPR, the BBC, and even the Onion. The group at one point hijacked the Associated Press Twitter feed to spread the false news that there had been two explosions at the White House and that President Obama had been injured.

While the group’s most publicized attacks have focused on spreading mayhem at international media outlets, the SEA has also targeted Facebook pages in Syria aimed at disseminating information about the civil war. That effort appeared to be part of a crude information dominance campaign as the Syrian Army attempted to retake rebel-held territory.

On the subject of information dominance, with the Times website down, the Wall Street Journal has apparently spotted a business opportunity, and is offering free access: