The New York Times, Twitter, and the Huffington Post UK were all targeted in hacking attacks last night by the Syrian Electronic Army (SEA), a group which supports the regime of President Bashar al-Assad.
The Times was the worst affected, with its website brought down for several hours and bosses forced to warn the paper’s employees to be careful with what they included in emails following “a malicious external attack”.
The incident was the latest in a series targeting Western media sites that are believed to be sympathetic to the Syrian rebels, but was described as being far more serious and sophisticated than previous hacks.
All the websites that were hit are believed to have used the same Australian company, Melbourne IT, to register their domain names, and a spokesman confirmed that a reseller’s username and password were used to access the domain name server (DNS) which is used to redirect internet users to specific website addresses.
Twitter issued a statement saying that one of the domains it uses for image serving, twimg.com, was targeted. It said that while “viewing of images and photos was sporadically impacted”, the original site was restored in under two hours.
While the Huffington Post UK would not comment on the extent to which its site was affected, it was one of the targets named in a warning posted prior to the attacks by the SEA.
The Twitter profile SyrianElectronicArmy (@Official_SEA16) wrote: “Media is going down…”, after which it posted pictures and messages publicly boasting about the success of its attacks.
Melbourne IT said that once it had been made aware of the attacks, it took measures to lock out the compromised reseller credentials, and added that: “We will also review additional layers of security.”
Though the company said it was still working to confirm the identities of those responsible, the Associated Press reported that an SEA activist confirmed its involvement with an email, saying: “I can't say how, but yes we did hit Melbourne IT.”
And computer forensics teams from security firm Renesys Corp. said they had traced a link between the internet protocol (IP) addresses used in the attacks and those used on the SEA’s website sea.sy, which it said has been hosted from Russia since June.
In an interview reported by the New York Times itself, chief information officer Marc Frons said yesterday’s hacks required significantly more skill than the string of SEA attacks on Western media earlier this year, when dozens of Twitter accounts were targeted from outlets including the Associated Press and The Financial Times.
“In terms of the sophistication of the attack, this is a big deal,” Mr Frons said. “It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites.”
Video: Ed Miliband to consider supporting government on SyriaReuse content