Skip to main content

New York Times website taken down by hack, Syrian Electronic Army involvement suspected (update)

New York Times website taken down by hack, Syrian Electronic Army involvement suspected (update)

Share this story

The New York Times HQ logo (1020)
The New York Times HQ logo (1020)

The New York Times' website is down from what appears to be a "malicious external attack," according to a statement posted to its Facebook pageThe Atlantic Wire reports that the paper's domain has reportedly been in and out of service since 3PM EST, when it first became unavailable. The attack is alleged to be the work of the Syrian Electronic Army (SEA), a group of hackers that claims to be promoting the Assad regime. The Times has been reporting on the recent Syrian chemical attacks, which may have attracted the SEA's attention.

The Times continues to publish articles through direct IP links

The paper's website has been set up to redirect requests from nytimes.com to a domain operated by the SEA. While the SEA's website was not functioning during much of the ongoing outage, Megan Hess, an editor at Mashablereported seeing a banner for the Syrian Electronic Army overtaking the domain. Readers can sidestep the hack by heading directly to the Times' IP address at 170.149.168.130, where it otherwise continues to function as normal.

The method of attack appears to focus on the Times' DNS host, a service which redirects users from the URL, "http://www.nytimes.com," to the regularly-hidden IP address of the Times' server. The DNS record below, spotted by White Hat Security's Matt Johansen, shows the DNS nameserver has been changed to direct users to an IP address associated with the SEA.

Nytimesdns

It wouldn't be the first time the SEA has targeted a media organization. The group took control of the Financial Times website this May, and previously targeted the GuardianNPRand The Washington Post. The SEA is also responsible for a spate of Twitter account hackings, which it generally accomplished through phishing attacks. The hacking collective has told The Verge in that past that the aim of these attacks is "to deliver a message and spread truth."

The Times is no stranger to cyberattacks

The Times has also seen numerous cyberattacks at the hands of other hackers. The paper's website has also already seen one extended period of downtime this month, though that was noted to be only be related to technical difficulties. During that time, it continued publishing reports on Facebook.

This attack's timing coincides with US declarations that Syria should be held accountable for its chemical strikes. While the SEA frequently makes attacks absent of any clear motivation, other instances have specifically targeted tools that are used to communicate undetected throughout the Middle East. The hacking group also claims to target publications because of their coverage, choosing them based on perceived imbalances in their portrayal of Syria.

Update: Shortly after 6PM EST the paper's website, nytimes.com, was returned to normal. Marc Frons, The New York Times Company's chief information officer, told the paper that it was either hacked by "the Syrian Electronic Army or someone trying very hard to be them." It would be the first time that the SEA has hacked it. "In terms of the sophistication of the attack, this is a big deal," Frons told the Times. The SEA is also claiming to have simultaneously hacked Twitter, but it appears to have had a much smaller impact.

Russell Brandom contributed to this report.