N.Y. Times hack tip of iceberg

The worst hacker attack in the paper's history is part of a larger fight between the hack community and two Times writers.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
4 min read
Facing the worst hacker attack in its history, the New York Times found itself caught in the cross fire between computer hackers and people who write about them.

The attack, which left the New York Times site strewn with pornographic images and a rant replete with profanity and racial epithets, targeted Times reporter John Markoff, the coauthor of a book about accused and imprisoned computer hacker Kevin Mitnick.

It even more vehemently targeted Carolyn Meinel, the author of a book and other works on computer hacking. A group called "Hacking for Girlies" (HFG) took credit for the attack.

The New York Times discovered the hack at about 4:50 a.m. PT yesterday. The Times Webmasters immediately took down the hack, but the hackers put it back up. At 7:20 a.m. the company decided to take down the site so Webmasters could figure out how the hackers were getting in, said Times spokeswoman Nancy Nielson. After plugging the hole that had allowed access, Webmasters put the site back up at 4:40 p.m., more than nine hours later, she said.

The attack closely followed the release of independent counsel Kenneth Starr's report to Congress on the sexual relationship between President Clinton and former White House intern Monica Lewinsky, and therefore brought the Times site down during an unusually busy news period. Hackers also struck, perhaps strategically, on a Sunday, which is traditionally the most important day for newspapers.

The hack is archived on the online hacking publication AntiOnline.

The New York Times is working with the FBI in investigating the attack, according to Nielson.

"We contacted them around noon," she said. "They had heard of [the hacking group] HFG before and we're working together to track them down."

Yesterday's attack was not the first for the New York Times, though it was the most debilitating so far. Two years ago, the site fell victim to a "mail-bomb" or "denial-of-service" attack in which attackers flooded its servers with bogus requests to crowd out legitimate users.

"This attack is much more serious because they were able to get onto our home page with their message," Nielson said. "We're taking this very seriously. That's why we contacted the FBI."

The Times attackers posted much of their message in the source code to the bogus page. In it, they accused Markoff of helping bring about the lengthy imprisonment of Mitnick, which has become a cause celebre among computer hackers.

Mitnick has several prior convictions and has been in prison awaiting trial on new charges since February 1995.

The Times hackers reserved most of their fire for author Meinel, however, accusing her of egging them on to commit worse computer crimes so that she could cover the story, of colluding with them to deceive the FBI, and of offering the hackers a portion of the proceeds from her book's earnings.

Meinel denied the accusations and characterized the hackers' attack on her as part of a long-standing war between them.

"Every ISP I have used over the past two years has been assaulted by these guys," Meinel said. She noted that the hackers thus far had failed to break into her home computer or deface her Web site, but that her server logs showed evidence of numerous attempted attacks. She also said that previous hacks of third-party Web sites had attacked her in similar terms.

Meinel credited her book, The Happy Hacker, as the original point of contention between herself and the attackers.

"That book was what incited this whole hacker war," Meinel said. "They were enraged when they saw that instead of glorifying computer criminals, it makes fun of them."

Meinel said it was largely a matter of luck that the hackers were able to penetrate the New York Times site and not her own personal sites.

"I'm not arrogant enough to say they'll never hack my Web site," she said. "It's really the mercy of luck. When I see a break-in, I don't assume it was a brilliant genius behind it, I assume they just got lucky."

One security expert said the fact that the attackers were able to get into the Times site, while other obvious targets--such as Markoff's book's site--remained unscathed indicated that the hackers had found an anomalous hole.

"The worst nightmare is that there is a glaring hole out there that we are completely unaware of and everyone is vulnerable to it," said David Kennedy, director of research at the International Computer Security Association.

Kennedy also said there was nothing new or surprising about the hackers' choice of targets.

"The cracker community has so much antipathy toward Carolyn Meinel, almost any successful penetration or modification of a Web site is likely to have some type of vituperative comment about her," Kennedy said. "It's the same thing with the Kevin Mitnick issue. Any penetration of a Web site is a chance to try to champion his alleged human rights violation. Those are just two of the hot buttons with the underground community right now."

Indeed, the Times is not the first major Web site to find itself hacked by Mitnick sympathizers. Yahoo fended off a brief hack along those lines last year.