'Syrian' hackers hit NYT website

“Our website was unavailable to users in the United States for a time on Tuesday,” the newspaper said in a post on its website. “The disruption was the result of an external attack on our domain name registrar, and we are at work on fully restoring service. We regret if this has caused you any inconvenience.”

The cyberattacks comeas the Obama administration is trying to bolster its case for possible military action against Syria.

“Media is going down ...” warned the Syrian Electronic Army in a Twitter message before the websites stopped working, adding that it also had taken over Twitter and the Huffington Post UK.

http://t.co/wDO83RU2s3 #SEA #SyrianElectronicArmy pic.twitter.com/NPDZv4BNzv

— SyrianElectronicArmy (@Official_SEA16) August 28, 2013

A Times spokeswoman said the disruption was caused by a “malicious external attack” that affected its website and email, while Twitter said the viewing of images and photos was sporadically affected.

Both Twitter and the Times said they were resolving the attack, which actually hit an Australian company that registered their domain names, Melbourne IT.

Theo Hnarakis, chief executive of Melbourne IT, the world’s sixth largest registrar of Internet domain names, said the security breach occurred at a major US.-based global reseller, or domain agent, where the hackers launched a “spear phishing attack” within the past week to steal the log-in details of the New York Times and Twitter domains.

“This activist group used a very, very sophisticated spear phishing attack,” he said. “ They sent very dubious emails to staff of one of our resellers whose area of expertise is looking after the domain names for major corporates including the New York Times.”

“Unfortunately, a couple of the staff members of the reseller responded by giving their email log-in details; the group were able to search their emails for sensitive information that included the user name and password for the New York Times, and from there it all cascades,” he said.

“We don’t put this down to a technical failure. We put it down to human error where someone has inadvertently provided their information and from there, a major a site like the New York Times was down for several hours,” he added.

The hackers had also tried to hack into Twitter.com, but failed because that domain was protected by an optional secondary security feature.

Tracking the hack even further, computer forensics from security firm Renesys traced the Internet protocol addresses back to the same ones as the Syrian Electronic Army’s website sea.sy, which the firm said has been hosted out of Russia since June.

A Syrian Electronic Army activist confirmed that the group hijacked the Times’ and Twitter’s domains by targeting Melbourne IT.

“I can’t say how, but yes we did hit Melbourne IT,” the hacker said in an email. No further details were disclosed.

The hacker’s true identity is not publicly known, but he has long used an email address linked to the group, and a second group member has vouched for his credentials.

The Syrian Electronic Army has, in recent months, taken credit for web attacks on media targets that it sees as sympathetic to Syria’s rebels, including prior attacks at the New York Times, along with the Washington Post, Agence France-Press, 60 Minutes, CBS News, National Public Radio, The Associated Press, Al-Jazeera English and the BBC.