By Ian Bush
PHILADELPHIA (CBS) — The New York Times web site is hobbling back to life after a cyberattack yesterday. So is Twitter, which also fell victim to hackers.
And we probably haven’t seen the last of this kind of crime.
The “Syrian Electronic Army” claims it is behind what kept nytimes.com from showing anything but a blank screen yesterday.
“We know that personal information is not being stolen,” notes Drexel University criminal justice professor Rob D’Ovidio, referring to the latest attacks. “We know that misinformation is not being put out there by changing news stories, etc. These would be much more damaging.”
D’Ovidio says this low-level attack — what’s called a DNS (Domain Name System) hijack — still is a critical security breach for a company, especially one that counts on web pageviews to drive advertising dollars.
It appears as if the hackers “phished” a username and password to gain access to the Australia-based hosting company that serves up the Times to browsers; once in, they switched the DNS record.
Think of it as if someone changed the phone number of one of your smartphone contacts: you touch the right name, but your phone dials someone strange. (DNS links an easy-to-remember name like “nytimes.com” to its numerical location on the Internet; in this case, http://184.108.40.206.)
Twitter says one of its DNS records was also altered, which “sporadically impacted” the viewing of images and photos on the service.
“It’s gotten us talking about it,” says D’Ovidio. “That’s the end game for these people: they want attention to their cause.”
So he expects more of the same if the US and its allies strike Syria.