Syrian Electronic Army (SEA), the hackers’ group supporting Syrian President Assad al-Bashar’s moves in the country, has finally come out in open striking the U.S. in its own way.
Weeks after the SEA attacked The Washington Post it targeted the New York Times and Twitter websites on Tuesday. Though the attack wasn’t a direct one into the main servers of the New York Times site, but it did stopped many people from accessing the news portal.
As the website became ‘unavailable’, talks of the NYT site getting hacked started surfacing. However, the fact is the website was neither hacked nor the SEA could manage to bring it down.
Why the users weren’t reaching the site
Unlike The Washington Post attack, wherein the SEA targeted the Post server directly in a phishing attack, in NYT’s case the attack was the domain name system (DNS).
As the New York Time’s domain is registered by an Australian web hosting company – Melbourne IT – the SEA targeted DNS in the account of Melbourne IT’s one of the resellers and changed the IP addresses of many of its clients, including the New York Times and Twitter.
Why DNS is important
DNS basically converts an IP address, which is always a set of numbers, into a domain name like nytimes.com or techloon.com so it becomes easy for people to remember. The SEA, after gaining access into the server of Melbourne IT, replaced the IP of the New York Time website with a portal it wanted to direct the web traffic to. So when people typed in nytimes.com the traffic diverted to a different IP address instead of going to 170.149.168.130.
According to a Zdnet report, the hosting company admitted that “valid credentials were used to log in to one of its reseller accounts responsible for the affected domain names, including nytimes.com.
The company also said that a security features like registry lock were not in use in any of the domains the reseller was managing, and that is the major reason the SEA could change the DNS of many websites including the New York Times and Twitter. Melbourne IT said that the domains using the security feature are up and working unaffected.
SEA fails
The incident has, no doubt, made big headlines across the world, but the SEA also didn’t succeed in its plans.
The SEA had planed to divert the traffic to a page showing an ‘anti-war message’ but its own server gave up at the last time. “The @nytimes attack was going to deliver an anti-war message but our server couldn’t last for 3 minutes,” the SEA tweeted.
The hackers’ group also claimed to bring down Twitter and Huffington Post. The two websites work working fine in some parts of the world, but some countries reported the outage.
However, the SEA did succeed in troubling Melbourne IT as it hacked the company’s blog page showing a defacement message, “Hacked By SEA, Your Servers security is very weak.”
The admin of the site act swiftly and at the time of writing, the page was down with an error message, “The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.”
Russia-Syria bond
The al-Assad regime of Syria is coming into intense international pressure after last week’s gas attack on the rebels. At the time when UN is probing the attack and suspecting the hand of the Syrian President’s brother’s involvement in the attack; and countries like U.S. and UK are contemplating military action against the country, Russia is the only country Syria can look at as its biggest ally.
In the case of this entire cyber saga, Russia has emerged as the ally of the Syrian Electronic Army.
SEA’s website sea.sy’s IP location is based back Russian capital of Moscow.