If you were devastated to find out that you weren’t able to use up your 20 free articles from the New York Times website yesterday, blame Syria.
Well, not all of Syria, but a pro-Bashar al-Assad hacktivist group that calls itself the Syrian Electronic Army. Via Twitter, they claimed responsibility for a complex online attack that felled not only NYT, but also UK’s Twitter site and the Huffington Post.
Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. on Tuesday warning employees that the disruption — which appeared to be affecting the Web site well into the evening — was “the result of a malicious external attack.” He advised employees to “be careful when sending e-mail communications until this situation is resolved.”
How did the hacktivists accomplish such a feat? Stacey Higginbotham from Gigaom reached out to Cory von Wallenstein, the CTO of Dyn, a cloud-based Domain Name System provider for private companies. He explains the three types of attacks that hackers use, the third type being the most complicated and the one used by the SEA:
According to von Wallenstein, the third form of attack — and the one used by the SEA on Tuesday — is to take over the registration of a domain and change the authoritative DNS servers. The attack isn’t on the domain name system, but on the registrars, in this case MelbourneIT. It’s the most time consuming attack to undo, because while you can make the changes to the authoritative DNS servers pretty quickly, the recursive DNS servers can cache information for a full day unless the operators perform a manual purge.
For huge sites like Twitter, the New York Times and The Huffington Post, ISPs are likely to notice the attack and make the effort to clear their DNS servers’ cache, but if an attack of this nature takes out a smaller site it could leave them down for a day or even longer. And if the SEA’s recent activity is any guide, we could see a lot more of these types of attacks.
I’m not an internet expert, so I had to get some help from my more competent friends to get what was going on. Basically, the Domain Name System is the service that translates the domain names in URLs into numeric IP addresses (or, the phone numbers of the internet). Melbourne IT is a big company that acts as the registrar for many different domains, including the ones for NYT and Twitter. The SEA hacked MelbourneIT and changed the instructions that say which DNS servers answer for those domains.
It’s like if you hacked into the United States Postal Service (or simply strolled into a post office) and filled out a change-of-address form for your enemy, so all his mail got sent somewhere else.
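For site operators, the two points above (the registrar record gets changed, and resolvers can cache the bad answer for up to a day) translate into something you can monitor. The following is an added example, not code from the original post or from Dyn: it compares recorded nameserver delegations against an expected baseline and works out how long the rogue answer could linger in caches after the fix. The domain names, nameserver names, timestamps and the way observations are collected are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed baseline: the nameservers the registrar record should list.
BASELINE = {"example-news.test": {"ns1.dns-host.test", "ns2.dns-host.test"}}

@dataclass(frozen=True)
class Observation:
    seen_at: datetime
    domain: str
    nameservers: frozenset
    ttl: int  # seconds a recursive resolver may cache this NS set

def audit(observations, baseline):
    """Return one incident per run of delegations that differ from the baseline."""
    incidents, active = [], {}
    for obs in sorted(observations, key=lambda o: o.seen_at):
        expected = baseline.get(obs.domain)
        if expected is None:
            continue  # domain is not monitored
        incident = active.get(obs.domain)
        if obs.nameservers != expected:
            if incident is None:
                incident = {"domain": obs.domain, "first_seen": obs.seen_at, "rogue": set(),
                            "max_ttl": 0, "restored_at": None, "cached_until": None}
                active[obs.domain] = incident
                incidents.append(incident)
            incident["rogue"] |= obs.nameservers - expected
            incident["max_ttl"] = max(incident["max_ttl"], obs.ttl)
        elif incident is not None:
            # Fixed at the registrar, but resolvers may keep the rogue set for max_ttl.
            incident["restored_at"] = obs.seen_at
            incident["cached_until"] = obs.seen_at + timedelta(seconds=incident["max_ttl"])
            del active[obs.domain]
    return incidents

def _obs(hour, *ns, ttl=86400):  # helper for the constructed samples below
    return Observation(datetime(2024, 1, 1, hour), "example-news.test", frozenset(ns), ttl)

# Constructed hourly samples of the delegation; 86400 s is the "full day" cache.
SAMPLE = [
    _obs(12, "ns1.dns-host.test", "ns2.dns-host.test"),
    _obs(13, "ns1.rogue.test", "ns2.rogue.test"),
    _obs(14, "ns1.rogue.test", "ns2.rogue.test"),
    _obs(15, "ns1.dns-host.test", "ns2.dns-host.test"),
]

if __name__ == "__main__":
    print(audit(SAMPLE, BASELINE))
```

In the sample, the delegation is corrected two hours after it first changed, yet `cached_until` falls a full day after the correction, which is the gap a manual cache purge by resolver operators closes.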
Here’s another good explanation from the Huffington Post:
As a registrar of domain names, Melbourne IT is a critical player in making the Internet work. The company helps translate the long string of digits that make up a website’s IP address, into a domain name that is easy for people to remember. Melbourne IT, which has more than 350,000 customers, is essentially one of the largest keepers of the Internet’s phone book.
On Tuesday, hackers made changes to that phone book, impacting The New York Times and possibly other websites, according to reports. The New York Times reported that the attack against Melbourne IT left its website unavailable to many visitors for several hours, though the paper continued publishing stories through another site – http://news.nytco.com.
As of right now (5:30 PM PST), nytimes has not been restored.