The Syrian Electronic Army—"or someone trying very hard to be them"—has taken over the domains of Twitter, the New York Times and the Huffington Post, and is tweeting about it:
After claiming multiple domain names, (nytimes.com, twitter.com, twimg.com, huffingtonpost.co.uk), the Assadist aligned hacking group responsible for a fake White House bombing tweet back in April—which resulted in a short-lived stock market plunge—just engaged in a series of cyber attacks.
Unlike the typical Distributed Denial of Service attacks, (or DDoS), the SEA has actually taken over a handful of domains and is redirecting servers through their own properties at the moment. The numerical IP address remains intact, and is allowing the Times to continue to publish, even as "nytimes.com" gets you nowhere.
Just check the who.is reports for each of these sites:
For the NYTimes, the SEA currently shows up as the registered owner,
and for Twitter:
and for Huffington Post UK:
When a colleague at Vice ran a regular who.is search for Twitter through the OSX network utility he saw this:
Investigative journalist and security researcher, Brian Krebs was quick to point out a common thread in the attacks:
Interestingly, it was announced today that the Chief of Melbourne IT Theo Hnarakis is resigning and will be gone by the end of the year. The article also looked at a decrease in the company's revenue. Could these attacks be the bitter reactions of an employee about to lose a job? Did someone at Melbourne IT give an SEA hacker the keys? Is Melbourne IT the weak link? Or, has Melbourne IT unfairly found itself the butt end of a nasty joke?
Tweetdeck still seems to be working with some glitches. Since Twitter icons are held in my computer's cache, I've been watching as tweets come through on Tweetdeck, which implements the Twittter API. But others have been asked to log back in again, something I'd recommend against doing at the moment.
Going to Twitter.com, there is still a bare-bones, stripped down version of the site that seems to be working. It looks like this:
Like a candle in a power outage, The New York Times is still publishing through news.nytco.com, and directly via its IP address: 126.96.36.199. Amidst all of this, the Wall Street Journal has opportunistically taken down their paywall and is promoting tweets to read their content for free. When I went to the Times' page to read an article about its own attack, I was booted out by the paywall—that is, right after I copy-pasted it into a Word doc.
The Times Chief Information Officer Marc Frons issued a statement explaining the attack was, "the result of a malicious external attack by the Syrian Electronic Army, or someone trying very hard to be them.” He warned employees to “be careful when sending e-mail communications until this situation is resolved.”
Meanwhile the announcement on the Times' Facebook page is being bombarded with calls of "Allah, Souria, Bashar o bas! Yankee go home!"—calls for Allah, Syria and Bashar al-Assad only, followed by a classic call against American intervention.
Was the SEA bluffing a moment ago when it tweeted, "@twitter, are you ready? #SEA," with this image attached?:
What else could these attacks affect? When the biggest publishing outlets—where readers would obviously be going to get updates about these attacks—have been compromised, what's the recourse? For now, the obvious thing to do is read Motherboard. In a climate where John Kerry and Barack Obama are just inches from pressing the button on Assad for using chemical weapons, a cyberwar is quickly coming over the horizon.