Syrian hacktivists down New York Times website

The New York Times is believed to have been targeted by a hacktivist group that supports Syrian president Bashar al-Assad

The New York Times (NYT) is the latest western media organisation believed to have been targeted by the Syrian Electronic Army (SEA) hacktivist group that supports Syrian president Bashar al-Assad.

It was the second time this month that the NYT website was unavailable for several hours, the paper reported.

The SEA is also believed to have been behind a string of similar attacks on other media organisations in recent months, including the Financial Times, Washington Post, Reuters Twitter feed and BBC weather.

The hacktivist group emerged in May 2011, during the first Syrian uprisings, when it started attacking media outlets and spamming popular Facebook pages.

The SEA said its goal was to offer a pro-government counter narrative to media coverage of Syria.

Marc Frons, chief information officer (CIO) for The New York Times Company, issued a statement at 4.20pm on Tuesday 27 August 2013, warning employees that the disruption was “the result of a malicious external attack.”

He advised employees to “be careful” when sending email communications until the situation was resolved.

The attack on NYT coincided with an attack by the SEA on microblogging service Twitter, which said the domain name records for one of its servers had been modified, affecting the viewing of images and photos for some users, but that no user information had been affected.

The NYT said that, until now, it had been spared from being hacked by the SEA, but on 15 August 2013, the group attacked the Washington Post’s website and tried to hack CNN at the same time.

The previous day the NYT’s website was down for several hours, but the paper cited technical problems and said there was no indication the site had been hacked.


Frons described the attack on Twitter and the NYT’s domain name registrar as “sophisticated” and said it required more skill than previous attacks on media organisations.

“It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds, if not thousands, of websites,” the NYT quoted him as saying.

Barry Shteiman, senior security strategist at Imperva, said the attack on the NYT highlights a prolonged security problem inherent in the way that companies rely on third-party public services to conduct their business.

“While a company like NYT may be able to secure their own platforms, harden their systems and regularly check for vulnerable components on premise, it is a much harder practice when some of that infrastructure is provided by a third-party like an ISP or a DNS Hoster,” he said.

According to Shteiman, CIOs need to realise that critical pieces of their online entities are controlled by suppliers and that security policies should apply to them as well.

“Companies should create contingency plans and check the security measurements taken by their third-party content and infrastructure providers. A DNS is, unfortunately, a great example,” he said.

Ken Westin, a security researcher for Tripwire, said media attacks seem to be escalating and moving away from annoying, simple denial of service attacks towards full domain compromise.

“All media outlets should be on particularly high alert because it’s rare that just one site is compromised in attacks like this,” Westin said.

Kenneth Geers, senior global threat analyst at FireEye, said the method of attack on the NYT may indicate that the SEA has begun going after media organisations’ supply chains.

“Rather than attacking a large firm directly, the SEA is opting to identify weaker links between the firm and other partnering organisations that they use for business operations.

“This is because the victim firm may not have as much control over the operational security employed by the partners, so the partners are an easier target to focus on,” he said.

Geers said it is likely that this type of attack will continue as long as supply chain security remains weak.
