The Syrian Electronic Army (SEA) has struck again and this time the victims are Twitter, Huffington Post and the NY Times. The attacks saw SEA get access to the website’s registry accounts and alter contact details and DNS records.
— SyrianElectronicArmy (@Official_SEA16) August 27, 2013
The attack was first noticed and reported by Matthew Keys, who later confirmed that DNS records of these websites were indeed altered. Modifying a website’s DNS records is quite serious as a hacker can redirect any user to a different website of his choosing. In addition to Twitter’s DNS records, SEA also got access to twimg.com, which Twitter uses for its CSS, JS, images, cookies and more. Later in the evening, Twitter acknowledged the attack in the following statement.
At 20:49 UTC, our DNS provider experienced an issue in which it appears DNS records for various organizations were modified, including one of Twitter’s domains used for image serving, twimg.com. Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident.
Equally serious were attacks on the DNS records of the NY Times and the Huffington Post. Services though went back to normal in a few hours. These attacks aren’t isolated incidents and the Syrian Electronics Army has been hacking global media websites like BBC, Thomson Reuters, Telegraph, Associate Press, FT, The Onion and more.