How the Syrian Electronic Army took down the New York Times website


nytimes.com is hosted by a domain registrar based in Melbourne, Australia. The Syrian Electronic Army disabled the New York Times by compromising a reseller’s username and password and logging in with those credentials.

But despite how simple it sounds, this wasn’t a quick hack; it was deliberate and methodical.

Once inside the Melbourne domain name registrar, the Syrian hacking group changed the DNS records of nytimes.com to its own address, m.sea.sy/mob.sea.sy, which essentially took the media giant offline around 3pm EST yesterday.

DNS records are basically responsible for translating pretty web addresses like fixedbyvonnie.com to their IP equivalents. If someone were to change where the hostname resolves, they could effectively hijack the webpage.

The Melbourne engineers have since reverted the DNS records and changed the credentials of the hacked reseller account, but the damage to the New York Times’ reputation is irreparable.

Eileen Murphy, spokeswoman for the New York Times, said in a statement:

The site is down for some. We are working to fix the problem. Our initial assessment is that this is most likely the result of a malicious external attack

The repercussions of the attack are still being felt by some people. Even though the records are now correctly pointing to the right host, it still takes hours for the changes to propagate through the internet, and millions of people around the globe still have cached copies of the bad records. It could actually take up to 48 hours before everything returns to normal.

But do you know what the scary part is? The Melbourne IT system is actually home to other domains such as google.com, yahoo.com, microsoft.com and aol.com. If the Syrian Army had found other weaknesses, who knows what bedlam would have ensued?
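
For domain owners, the record change and the caching delay described above can both be caught by comparing observed DNS answers against a pinned baseline. The following is an added example, not code from the original post: the baseline nameserver names and the 172800-second TTL are constructed placeholders, and treating m.sea.sy and mob.sea.sy as NS values is an assumption.

```python
from collections import namedtuple

Record = namedtuple("Record", "name ttl rtype value")

def parse_records(text):
    """Parse 'name ttl IN type value' lines (the dig answer-section layout)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        name, ttl, _cls, rtype, value = line.split(None, 4)
        records.append(Record(name.lower().rstrip("."), int(ttl),
                              rtype.upper(), value.lower().rstrip(".")))
    return records

def find_drift(baseline, observed):
    """Report every (name, type) whose observed values differ from the baseline."""
    def index(recs):
        out = {}
        for r in recs:
            out.setdefault((r.name, r.rtype), set()).add(r.value)
        return out
    base, obs = index(baseline), index(observed)
    findings = []
    for key in sorted(base):
        seen = obs.get(key, set())
        if seen != base[key]:
            ttl = max((r.ttl for r in observed if (r.name, r.rtype) == key), default=0)
            findings.append({
                "name": key[0], "type": key[1],
                "unexpected": sorted(seen - base[key]),
                "missing": sorted(base[key] - seen),
                # Resolvers may keep serving the bad answer this long after the fix.
                "max_cache_hours": ttl / 3600,
            })
    return findings

# Constructed data: placeholder baseline, and observed values taken from the post.
BASELINE = parse_records("""nytimes.com. 172800 IN NS ns1.placeholder.example.
nytimes.com. 172800 IN NS ns2.placeholder.example.""")
OBSERVED = parse_records("""nytimes.com. 172800 IN NS m.sea.sy.
nytimes.com. 172800 IN NS mob.sea.sy.""")

if __name__ == "__main__":
    for finding in find_drift(BASELINE, OBSERVED):
        print(finding)
```

In practice the observed text would come from periodic lookups against several resolvers, with any finding raised as an alert to whoever manages the registrar account.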
