Syrian Hackers Disable New York Times Website

Hackers thought to be loyal to the Assad Syrian government have seized control of The New York Times website and have disrupted Twitter service. It seems they've adopted a new hacking tactic that requires advanced technical skills.

The hacking appears to be the work of the Syrian Electronic Army hacking group, which supports the Assad regime. Analysts are split over whether the group is officially working on behalf of the government or is simply made up of sympathetic members. (Source: slate.com)

In the past the group has attacked media sites by using phishing tactics, which involve sending bogus emails that trick legitimate staff members into handing over log-in data.

Once hackers acquire these details, they can post bogus news stories that not only serve as propaganda for the government forces in the Syrian civil war, but harm the credibility of less supportive news outlets.

Website Address System Key to Attacks

However, the latest attacks were unique. Experts say the hackers somehow accessed and modified the records of Melbourne IT, one of the world's largest domain name registrars. In fact, it's used by both The New York Times and Twitter.

A domain name registrar performs two main roles: it makes sure that only one person or organization lays claim to a particular website address at any time and it keeps the official record of the physical computer where the relevant pages are housed and made accessible to web viewers.

Without domain name registrars, web users would need to remember a long string of numbers to access a site.

New York Times Website Address Hijacked

Though details are hazy, it appears the hackers were able to change The New York Times domain registration so that people trying to visit the newspaper's site were either redirected to a site owned by the hackers or simply given no response.

With Twitter, the hackers modified the records for twimg.com, an address used for a website that hosts pictures uploaded by Twitter users. As a result, many Twitter posts had blank spaces where pictures should have been displayed. (Source: wsj.com)

This method of attack is particularly worrying as it suggests the hackers are highly skilled. Theoretically, domain name registrars should have very high levels of security because their databases are so crucial to the way the entire web functions.