Syrian hackers may be behind Twitter attack, New York Times website outage

Update: For the chaos, and attention, the Syrian Electronic Army stirred up Aug. 27, it was a simple phishing attack that gave the SEA access to the credentials it needed to take down The New York Times website, among other interruptions.

The phishing was certainly effective enough to gain access to the Melbourne IT servers where the Times, Twitter and Huffington Post UK are registered.

"A targeted phishing attack was used to gain access to the credentials of users of a Melbourne IT reseller account," Bruce Tonkin, Melbourne IT's CTO, told Mashable in an email. "We have obtained a copy of the phishing email and have notified the recipients of the phishing email to update their passwords. We have also temporarily suspended access to affected user accounts until passwords have been changed."

Tonkin wouldn't share the email to avoid copycats, but interestingly the phishing wasn't technically savvy, simply effective.

Original article...

Outages aren't a rarity in the world of the web, and with an alarming frequency hacks aren't either. Today, Twitter and The New York Times appear to have fallen prey to the latter.

"Many users are having difficulty accessing The New York Times online," the publication wrote on Facebook. "We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack."

This is the second time the Times' site has gone down in a month, noted the Atlantic Wire, with intermittent domain access setting in around 12 p.m. PT/ 3 p.m. ET/ 8 p.m. BT today.

While the first outage was blamed on a "a failure during regular maintenance," this one does appear to fall into the malicious category as it's suspected the Syrian Electronic Army is responsible for the hack.

Update: The Times published an article in which Marc Frons, chief information officer for The New York Times Company, said the website take down was the work of "the Syrian Electronic Army or someone trying very hard to be them."

Frons also advised employees to be cautious when sending emails, and at around 6 p.m. ET he said "we believe that we are on the road to fixing the problem."

The @Official_SEA16 Twitter account tweeted "Media is going down..." and listed the URLs for the Times as well as the huffingtonpost.co.uk and links to their Whois.DomainTools.com URLs.

Twitter issues too

Even before Frons' interview, many suspected (and gathered evidence) that the Syrian Electronic Army, or SEA, a group of hackers who support Syrian President Bashar al-Assad, was behind the outage.

An editor at Mashable tweeted a screen grab that showed a "Hacked by Syrian Electronic Army" banner splashed across nytimes.com. It was widely reported that a visit to the Times' web page would end with a redirect to a page controlled by the SEA.

Additionally, the SEA claimed it hacked into Twitter's registry account, or domain name server (DNS).

A DNS host hack also appears to be the route taken to attack The New York Times' website.

Twitter issued a status report stating its DNS provider "experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter's domains used for image serving, twimg.com."

It didn't name the SEA, but Twitter did note the viewing of images and photos "was sporadically impacted." It said that as of 22:29 UTC (3:29 p.m. PT, 7:20 p.m. ET) the original domain name was restored. No user information was compromised, it assured.

The Huffington Post UK website didn't appear to experience a disruption, according to ABC News, and both it and Twitter look to have their Whois.DomainTools.com original ownerships listed.

The attacks, however, do not seem to be over. The Anonymous group (via @AnonymousPress) tweeted that twitter.co.uk is down, hashtagging #SEA and #SyrianElectronicArmy. The domain failed to load when TechRadar attempted to visit it repeatedly, and @Official_SEA16 tweeted the domain's Whois record.

The account also published a picture of its name on twitter.ae's Whois record, and the Twitter domain for the United Arab Emirates failed to load as well.

• Should you be scared of Prism?