The hacking was just the latest of a major media organization, with The Financial Times and The Washington Post also having their operations disrupted within the last few months. It was also the second time this month that the Web site of The New York Times was unavailable for several hours.
Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. on Tuesday warning employees that the disruption — which appeared to be affecting the Web site well into the evening — was “the result of a malicious external attack.” He advised employees to “be careful when sending e-mail communications until this situation is resolved.”
In an interview, Mr. Frons said the attack was carried out by a group known as “the Syrian Electronic Army, or someone trying very hard to be them.” The group attacked the company’s domain name registrar, Melbourne IT. The Web site first went down after 3 p.m.; once service was restored, the hackers quickly disrupted the site again. Shortly after 6 p.m., Mr. Frons said that “we believe that we are on the road to fixing the problem.”
The Syrian Electronic Army is a group of hackers who support President Bashar al-Assad of Syria. Matt Johansen, head of the Threat Research Center at White Hat Security, posted on Twitter that he was directed to a Syrian Web domain when he tried to view The Times’s Web site.
Until now, The Times has been spared from being hacked by the S.E.A., but on Aug. 15, the group attacked The Washington Post’s Web site through a third-party service provided by a company called Outbrain. At the time, the S.E.A. also tried to hack CNN.
Just a day earlier, The Times’s Web site was down for several hours. The Times cited technical problems and said there was no indication the site had been hacked.
The S.E.A. first emerged in May 2011, during the first Syrian uprisings, when it started attacking a wide array of media outlets and nonprofits and spamming popular Facebook pages like President Obama’s and Oprah Winfrey’s with pro-Assad comments. Their goal, they said, was to offer a pro-government counternarrative to media coverage of Syria.
The group, which also disrupted The Financial Times in May, has consistently denied ties to the government and has said it does not target Syrian dissidents, but security researchers and Syrian rebels say they are not convinced. They say the group is the outward-facing campaign of a much quieter surveillance campaign focused on Syrian dissidents and are quick to point out that Mr. Assad once referred to the S.E.A. as “a real army in a virtual reality.”
In a post on Twitter on Tuesday afternoon, the S.E.A. also said it had hacked the administrative contact information for Twitter’s domain name registry records. According to Whois.com, the S.E.A. was listed on the entries for Twitter’s administrative name, technical name and e-mail address.
Twitter said that at 4:49 p.m., the domain name records for one image server, twimg.com, were modified, affecting the viewing of images and photos for some users. By 6:29 p.m. the company said, it had regained control, although as of early evening, some users were still reporting problems receiving images.
The social networking company, based in San Francisco, said no user information had been affected.
Mr. Frons said the attacks on Twitter and The New York Times required significantly more skill than the string of S.E.A. attacks on media outlets earlier this year, when the group attacked Twitter accounts for dozens of outlets including The Associated Press. Those attacks caused the stock market to plunge after the group planted false tales of explosions at the White House.
“In terms of the sophistication of the attack, this is a big deal,” Mr. Frons said. “It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites.”
Vindu Goel contributed reporting.
Article source: http://www.nytimes.com/2013/08/28/business/media/hacking-attack-is-suspected-on-times-web-site.html?partner=rss&emc=rss