The Syrian Electronic Army (SAE) has broken into systems of an Australian Internet company managing addresses of some of the world’s most prominent news websites.
The Syrian Electronic Army (SAE) has broken into systems of an Australian Internet company managing addresses of some of the world’s most prominent news website, including the New York Times and the Huffington Post.
The SAE – a group of supporters of the Syrian President Bashar al-Assad – managed to redirect The New York Times website to a server controlled by the Syrian group before disabling it for several hours.
The Huffington Post has been affected to a much lesser extent with only the blogging platforms at the British web address breached. The micro-blogging platform Twitter has also reported availability issues.
“This is unfortunately a validation to a prolonged security problem inherited in the way that companies rely on third public services to conduct their business,” said Barry Shteiman, Senior Security Strategist at a data security company Imperva.
“While a company like NYT may be able to secure their own platforms, harden their systems and regularly check for vulnerable components on premise – it is a much harder practice when some of that infrastructure is provided by a third party like an ISP or a DNS Hoster,” he said.
The DNS hosting is used to direct web traffic to a specific server containing the website a user wants to visit. It makes it possible to browse Internet using simple word-based addresses instead of the IP addresses based on complex sets of numbers.
All of the sites subjected to today’s attacks have this service provided through MebourneIT – an Australian Internet service company.
MelbourneIT said the illegal access to their system was obtained through an Indian reseller who has opened a fake email to elicit login details.
"The SEA went after the company specifically to create a high-profile event," said Theo Hnarakis, CEO of MelbourneIT. "This was quite a sophisticated attack."
The hackers managed to access email of a staff member who works as the direct manager of the NYTimes domain, along with other media companies, and retrieved the password from his correspondence.
Hnarakis confirmed the SAE targeted several other websites, but was unsuccessful, as these companies had secondary security measures and registry locks in place.
MelbourneIT managed to gain control over the situation, restoring the correct domain name settings and changing the password on the compromised account.
The attack came as the western forces are discussing the possible intervention against the Syrian government.
“It makes lots of sense for a hacktivist group that wishes to display their message and show that they exist – to go after high end media,” Barry Shteiman said. “The Syrian Electronic Army has been actively hacking Twitter accounts of news sites and has recently escalated to hacking into the websites themselves to create awareness.”
Earlier this year, the SAE has targeted websites of CNN, Time and the Washington Post also using the third party service providers as a gateway.