Syrian Electronic Army implicated in Twitter, New York Times attacks

The hacker group gets administrator privileges for Twitter's domain name record and also appears involved in a New York Times' Web site outage.

A Syrian Electronic Army e-mail address is listed with control over the domain.
A Syrian Electronic Army e-mail address is listed with control over the domain. Screenshot by Stephen Shankland/CNET

The Syrian Electronic Army apparently took control over the Web site address record Tuesday, the hacker group's latest attack on high-profile Internet sites.

The whois record, which lists the owner of the Web address names called domains, listed the owner's e-mail address as The site continued to function, however.

The New York Times' Web site went down on Tuesday afternoon, and the SEA is a suspect there, too. "Our initial assessment is that this is most likely the result of a malicious external attack," the Times said in a statement on Facebook. The Syrian Electronic Army is a suspect: Gawker published a screenshot of the newspaper's site that said, simply, "Hacked by SEA."

In an article, The New York Times said the problem occurred because of an attack on the domain name registrar it uses to keep control over the name.

"The New York Times Web site was unavailable to readers on Tuesday afternoon following an attack on the company's domain name registrar, Melbourne IT. The attack also required employees of The Times to stop sending out sensitive e-mails," the story said. "The Syrian Electronic Army, a hacker collective that supports the Syrian president, Bashar al-Assad, is believed to have attacked the sites or social media accounts of several prominent media organizations."

A tweet by Twitter user Official_SEA16 said, "Hi @Twitter, look at your domain, its owned by #SEA :)"

SEA has found Twitter to be a fruitful avenue of attack. In recent months, it's taken over the Twitter feeds of Thomson Reuters, the BBC, 60 Minutes, and The Associated Press.

A Syrian Electronic Army Twitter account claimed credit for the Twitter attack.
A Syrian Electronic Army Twitter account claimed credit for the Twitter attack. screenshot by Stephen Shankland/CNET

Twitter said in a statement that it had problems displaying images on its service when the attack rerouted image-serving requests to somebody else's server.

At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS [Domain Name Service] records for various organizations were modified, including one of Twitter's domains used for image serving, Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for was restored. No Twitter user information was affected by this incident.

CNET contacted The New York Times for comment and will update this story with its response.

The New York Times posted links on Facebook to articles with hard-coded numeric Internet addresses rather than the "" domain. Here's a Times story saying U.S. military options for action in Syria, for example. That numeric addresses still work suggests that the problem is with the Times' Domain Name System (DNS) record, which tells Web browsers what numeric Internet address to use to use for human-readable addresses like ""

Indeed, according to DNS records published by security expert Brian Krebs, the New York Times Internet addresses redirected to addresses.

Although the SEA didn't get control over Twitter's Domain Name Server listing, which would have allowed it to redirect Web site traffic to a server with an IP address of its own choosing, it did get control of a secondary server used for graphics.

"Oh yeah, look at that. twimg[dot]com DNS records changed to also," Krebs said, posting a screenshot of the record. The address is used to host images on Twitter.

Update, 4:13 p.m.: Added more information about the attack on The New York Times and a statement from Twitter.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Is 'Chipgate' the new iPhone controversy?

We survived "Bendgate" with the iPhone 6 -- is it "Chipgate" for the iPhone 6S? Plus, you can expect the new iPad Pro and Apple TV by early November.

by Brian Tong