(USA TODAY) -- The New York Times' website is starting to be restored for
many readers late Wednesday morning, more than 20 hours after being
hacked by what appears to be the Syrian Electronic Army.
"The situation is close to being fully resolved," said Times spokeswoman Eileen M. Murphy, in a statement.
SEA, a group of hackers who support Syrian President Bashar Assad,
claimed responsibility online and said it also hacked Twitter's sites.
The hackers seem to have gained access to the sites of the Times and
Twitter through Melbourne IT, an Australian company that specializes in
website domain name registration.
The Times said Tuesday its
website crashed at about 3 p.m. ET, following an online attack on
Melbourne IT, which is the vendor for the domain name the Times uses to
host its content online.
Wednesday's problems with the Times' site
are not a new attack and the site remained down throughout early
Wednesday morning. "There is no new outage this morning," Murphy said.
someone is still having trouble accessing the site, it is most likely
the result of their Internet service provider not having yet restored
the proper domain name system (DNS) records," she said. ISPs, such as
Verizon or Time Warner Cable, sell high-speed access to the web, and DNS
records include the crucial computer code that identifies particular
The news organization was sending its news feed through another site as of Wednesday morning -- http://news.nytco.com.
is the second failure of the Times' site in two weeks. It went dark on
Aug. 14 due to what the publication said then was an internal problem,
not the result of hacking.
Marc Frons, chief information officer
for The New York Times Co., didn't directly blame the Syrian Electronic
Army. But he told New York Times staffers in a memo Tuesday that it
appears to be the work of the SEA or "someone trying very hard to be
them," according to a report by the New York Times.
He also advised the staff to "be careful when sending e-mail communications until this situation is resolved."
Post and Twitter also confirmed their websites were affected by the DNS
attacks. For Twitter, the Tuesday attack on its website used for images
resulted in users having trouble viewing photos. A Twitter account that
seemingly belongs to SEA showed an image that indicates SEA also
attacked Twitter's domain.
Corporate websites' domain name system
(DNS), which assigns the site's domain names and indexes them on
designated servers, remains particularly vulnerable to hacker attacks,
said Gunter Ollmann, chief technology officer of Internet security firm
IOActive. "It's a very complex equation," he said. "There are soft
Media websites also are becoming increasingly complex and
vulnerable as they integrate more software and content from partners,
including third-party vendors, "widget" developers and advertising
A day after the Times' Aug. 14 crash, the SEA also took down the websites of The Washington Post, CNN and Time.
The companies said SEA hacked the Internet service of Outbrain, a
content recommendation company whose software widget is embedded in
Such attacks underscore the vulnerability of
electronic links and communication that now underpin much of the
information flow in the U.S. But targeting media sites brings more
attention for hackers, Ollmann said. "If the website of GE or The New York Times went down, which is going to generate more attention?"
IT blamed one of its resellers for the security breach, according to
its statement that appeared on technology news site TechCrunch.
hackers gained access to the reseller's account on Melbourne IT's
systems. And the DNS records of several domain names on that reseller's
account - including NYTimes.com - were changed, it said.
IT said it restored the affected DNS records back to their previous
settings and took measures to prevent further changes.
currently reviewing our logs to see if we can obtain information on the
identity of the party that has used the reseller credentials, and we
will share this information with the reseller and any relevant law
enforcement bodies," it said.
"Registrars really need to run a
tighter ship," said Paul Ferguson, vice president of network monitoring
firm Threat Intelligence. "This seems to continually happen, and each
time it further erodes trust in the entire system."