As the United States, Britain, France and others seem poised at the brink of an attack on Syria, one could guess that the New York Times is going through its Rolodex of military contacts and questioning whether one or two cruise missiles might find their way to the front door of the Syrian Electronic Army. Surely, with all that death and destruction flying through Syria’s airspace in the coming days, perhaps a favor owed in the form of a Tomahawk missile might find its way towards the hacking group that continues its attacks on the media?
Once again, the group who supports Syrian President Bashar al-Assad, has taken aim at the New York Times and other western media outlets, including Twitter, in recent days. The most recent attack on the Times may have been its most brazen and intricate yet by attacking something so simple: its cyberspace address.
The most recent intrusion, known as a Domain Name System attack, limited access to the Times website by directing those looking for the site to other “neighborhoods” on the web—some even directed to a site set up by the Syrian group with its logo and text supporting Assad.
More than 98 percent of servers that publish content to the Internet are identified by a numeric address. For example, the Times’ Web server is located at the address 170.149.168.130.
Knowing this, the SEA were able to attack the website by accessing the records of an Australian firm, Melbourne IT, which registers domain names, such as nytimes.com, and stores the directory records for those websites.
Once the SEA gained access to Melbourne IT through a phishing email, the group was simply able to change the IP address associated with nytimes.com. Consequently, those looking for the site were directed wherever the SEA preferred, assuming that nobody reverted to the actual numerical address for the NYT.
Kenneth Geers, a senior global threat researcher at the security firm FireEye, said DNS attacks are difficult to prevent. Websites have a complex architecture that give hackers many openings.
The extended cyber-attacks “must be maddening for the New York Times and Twitter,” he said.
I might add that they are equally maddening for both sites’ users, especially given the Syrian Electronic Army’s support of a murderer willing to use chemical weapons on his own citizens no matter their age.
