The New York Times

New York Times site victim of Syrian hackers

PUBLISHED : Thursday, 29 August, 2013, 12:00am
UPDATED : Thursday, 29 August, 2013, 7:54am

Media companies including The New York Times, Twitter and The Huffington Post lost control of some of their websites on Tuesday after hackers supporting the Syrian government breached the Australian internet company that manages their addresses.

The Syrian Electronic Army, a hacker group that has previously attacked media organisations that it considers hostile to the regime of Syrian president Bashar al-Assad, claimed credit for the Twitter and Huffington Post hacks in Twitter messages.

Security experts said electronic records showed that NYTimes.com the only site with an hours-long outage, redirected visitors to a server controlled by the Syrian group before it went dark.

New York Times spokeswoman Eileen Murphy said a preliminary inquiry showed it was "most likely the result of a malicious external attack".

The Huffington Post attack was limited to the blogging platform's UK web address. Twitter said the hack led to availability issues for 90 minutes but no user information was compromised.

In August, hackers backing the Syrian Electronic Army simultaneously targeted websites belonging to CNN, Time and The Washington Post by breaching a third party service.

It managed to gain control of the websites by penetrating MelbourneIT, an Australian internet service provider that sells and manages domain names including Twitter.com and NYTimes.

Officials at The New York Times, which identified MelbourneIT as its domain name registrar and the primary hacking victim, warned its employees to stop sending sensitive e-mails from their corporate accounts.

MelbourneIT spokesman Tony Smith said that login credentials from one of its resellers had been used improperly.

Once MelbourneIT was notified, he said, the company restored the correct domain name settings, changed the password on the compromised account and locked the records to prevent further alterations.