The Syrian Electronic Army (SEA) has shown its real face once again by hacking the domain name system (DNS) records of the New York Times as well as Twitter. NYT was attacked via its DNS registrar, Melbourne IT. SEA has tried to hack more than 10 websites, including Huffington Post, The Financial Times and more. SEA has proven that it supports President Bashar al-Assad in the civil war.
The SEA has been hounding the Western media for some time now. Its antidemocratic and anti-Western agenda has led it to make repeated attacks on the West and all it stands for. SEA has attacked more than 10 websites, including The Financial Times, The Washington Post, Huffington Post and more. The question remains how it managed to infiltrate the accounts of such a large organization as the New York Times. Melbourne IT is the answer. It hosts most of the Twitter and NYT traffic. The SEA was able to crack the code on its site and thereby gain unlawful entry. The details of how SEA went about its operation are still sketchy, yet it is certain that a lot of effort went into it. The SEA changed the DNS records and was thereby able to accomplish its dirty deeds.
Marc Frons, chief information officer for The New York Times, said in an interview that "the attack was carried out by a group known as the Syrian Electronic Army, or someone trying very hard to be them." NYT states that the attack was carried out against the company's domain name registrar, Melbourne IT. "The Web site first went down after 3 p.m.; once service was restored, the hackers quickly disrupted the site again. Shortly after 6 p.m. We believe that we are on the road to fixing the problem," said Mr. Frons.
DNS is a kind of directory for the Internet. SEA was able to reroute the NYT offline and then play around with its contents to its heart's content. Melbourne IT did what it could to make up for the loss of data and the breach in security, but by then it was too late. In particular, the sort of sabotage that had taken place was hard to fix. Up to 24 hours would be needed before the problem was resolved. Twitter's pictures in particular were badly affected by this attack by the SEA. It will be some time before the whole thing is settled and everyday affairs return to normal.
Twitter released the following service issue statement about the situation 8 hours ago.
"At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident."
"The credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melbourne IT’s systems. The DNS records of several domain names on that reseller account were changed – including nytimes.com. Once Melbourne IT was notified, we:
- changed the affected DNS records back to their previous values
- locked the affected records from any further changes at the .com domain name registry
- changed the reseller credentials so no further changes can be made
We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies. We will also review additional layers of security that we can add to our reseller accounts. For mission critical names we recommend that domain name owners take advantage of additional registry lock features available from domain name registries including .com – some of the domain names targeted on the reseller account had these lock features active and were thus not affected."
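The registry lock recommendation above can be checked from the domain owner's side. The following is an added example, not code from Melbourne IT or the article: it audits WHOIS-style text for the registry-set EPP status codes and compares the listed name servers against a known-good baseline. The sample records, domain names and the `audit_domain` helper are constructed for illustration.

```python
# EPP status codes (RFC 5731) that only the registry can set or clear; a
# registrar or reseller login cannot remove them, unlike the client* codes.
REGISTRY_LOCK = {"serverupdateprohibited", "servertransferprohibited",
                 "serverdeleteprohibited"}

def parse_whois(text):
    """Extract status codes and name servers from 'Key: value' WHOIS lines."""
    statuses, nameservers = set(), set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "domain status":
            # Value may carry a trailing URL: "serverUpdateProhibited https://..."
            statuses.add(value.split()[0].lower())
        elif key == "name server":
            nameservers.add(value.rstrip(".").lower())
    return statuses, nameservers

def audit_domain(whois_text, expected_ns):
    """Return a list of findings; empty means lock and delegation both hold."""
    statuses, nameservers = parse_whois(whois_text)
    expected = {ns.rstrip(".").lower() for ns in expected_ns}
    findings = []
    missing = sorted(REGISTRY_LOCK - statuses)
    if missing:
        findings.append("registry lock incomplete, missing: " + ", ".join(missing))
    unexpected = sorted(nameservers - expected)
    if unexpected:
        findings.append("unexpected name servers: " + ", ".join(unexpected))
    absent = sorted(expected - nameservers)
    if absent:
        findings.append("baseline name servers absent: " + ", ".join(absent))
    return findings

# Constructed sample records (not real registry output).
BASELINE = ["ns1.example.net", "ns2.example.net"]
LOCKED = """Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""
CHANGED = """Domain Name: EXAMPLE.ORG
Domain Status: clientTransferProhibited
Name Server: NS1.ROGUE.EXAMPLE
Name Server: NS2.ROGUE.EXAMPLE
"""

if __name__ == "__main__":
    for label, record in (("locked", LOCKED), ("changed", CHANGED)):
        print(label, audit_domain(record, BASELINE) or "ok")
```

Run on a schedule against fresh WHOIS output, a non-empty result is the signal to alert on: the second record carries only a client-level lock, which a registrar or reseller account can clear.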