Syrian Rebels Hack Major News Networks in the US

The New York Times and Twitter websites are still experiencing problems following a serious hack carried out on Tuesday. The social network and the newspaper ran into difficulties after having their domain names and other details aggressively altered by the Syrian rebel group. The group responsible, which identifies itself as the Syrian Electronic Army (SEA for short), supports President Bashar al-Assad. This is the most serious attack carried out by the group so far.

In the past few months, the group has hit other media companies, including major ones such as the Financial Times, CNN, the BBC and The Washington Post. In this latest attack, however, the group caused the most sustained damage to date, using a method similar to the one experienced by the Huffington Post website in recent weeks.

Melbourne IT hosting

The affected domains were managed by Melbourne IT, a hosting company which claims it is identifying new security measures that will protect the details of its customers' website domains. The attack was based on altering the websites' Domain Name System (DNS) information. This information is needed to direct web traffic to the server of a specific website. In plain language, DNS allows us to browse the web with simple addresses like bbc.com instead of long, complex IP addresses – a series of digits separated by dots.

The SEA gained access to Melbourne IT's database, which is where The New York Times and Twitter had registered their domain names. As a result, the hackers could alter the DNS information, so that instead of taking web users to "nytimes.com", it directed them to servers under the control of the SEA.

Twitter

Instead of Twitter, the group laid siege to twimg.com, a domain the social network uses to store styling code and image data. Twitter remained active, but many of its pages were displayed incorrectly. In a public statement, Twitter claimed that no user data had been altered. The SEA also used its Twitter account to boast about its successful attacks on both websites, displaying images of its work there.

Registry Lock

Melbourne IT has passed the blame onto a reseller, saying that the attack took place as a result of a glitch on their system. The company added that the reseller's log-in details had somehow been obtained, and that this gave the attackers the access codes they needed to alter Twitter's domain name and details. The company suggested that hosts wanting to ensure security on their domains would be fully protected by "added registry lock features" available from it.
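The following is an added example, not part of the original article or any Melbourne IT tooling: a small Python audit that reads a WHOIS-style record, checks whether registry-lock status codes are present and flags name servers that differ from the expected set. It assumes the common "Domain Status:" / "Name Server:" line layout and treats the three server-side EPP codes as the lock indicators; the records and example.* names are constructed.

```python
# Constructed WHOIS-style records; names under example.* are placeholders.
EXPECTED_NS = ["ns1.example.net", "ns2.example.net"]
LOCKED = """Domain Name: EXAMPLE.COM
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET"""
ALTERED = """Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.UNKNOWN-HOST.EXAMPLE
Name Server: NS2.UNKNOWN-HOST.EXAMPLE"""

# EPP status codes set at the registry level (assumed here to indicate a registry lock).
REGISTRY_LOCK = {"serverUpdateProhibited", "serverTransferProhibited",
                 "serverDeleteProhibited"}

def parse_whois(text):
    """Extract EPP status codes and name servers from WHOIS-style text."""
    statuses, servers = set(), set()
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if not value:
            continue
        if key.lower() == "domain status":
            statuses.add(value.split()[0])   # drop the trailing ICANN URL
        elif key.lower() == "name server":
            servers.add(value.lower().rstrip("."))
    return statuses, servers

def audit(whois_text, expected_servers):
    """Return a list of findings; an empty list means nothing unexpected."""
    statuses, servers = parse_whois(whois_text)
    expected = {s.lower().rstrip(".") for s in expected_servers}
    findings = []
    missing = REGISTRY_LOCK - statuses
    if missing:
        findings.append("registry lock incomplete, missing: "
                        + ", ".join(sorted(missing)))
    findings += ["unexpected name server: " + s for s in sorted(servers - expected)]
    findings += ["expected name server absent: " + s for s in sorted(expected - servers)]
    return findings

if __name__ == "__main__":
    for name, record in (("locked", LOCKED), ("altered", ALTERED)):
        print(name, audit(record, EXPECTED_NS) or "ok")
```

Run on a schedule against a stored baseline, a check like this surfaces a changed delegation as an alert rather than as a visitor report.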

Attacks on media companies on the rise

While the New York Times experienced its downtime, it was publishing articles on its Facebook page and on a mirror site. In the meantime, the company's chief information manager, Marc Frons, advised that staff “be careful when sending email(s) until the situation has been resolved”.

Ken Westin, a renowned security researcher who works for Tripwire, says that attacks on media companies are on the increase and are putting scores of website users at risk. The New York Times has also claimed that hackers gained access to the personal details of its employees in January of this year.

According to the chief technology officer of McAfee, media will continue to be affected by these kinds of attacks as long as they influence political debates and play a crucial role in forming public opinion. According to him, whatever tactics are used to try to control these situations, cyber attacks will always compromise the security of websites. He says that the SEA was not especially ingenious but had taken full advantage of some inconspicuous loopholes which had not been recognized before.

Keep your company’s website safe

There are multiple actions you can take to keep your website safe. The following are a few tips from a cyber security master's program curriculum:

- Keep up to date concerning vulnerabilities.
- Require SSL (Secure Sockets Layer) on the website.
- Watch for traffic from known or suspected malicious hosts.
- Implement physical security.
- Scan your website daily for malware.
- Monitor infrastructure for network intrusions, propagation attempts, and suspicious traffic patterns.
- Store the private keys of your digital certificates in secure, tamperproof, cryptographic hardware devices.