Understanding the hacking of the New York Times

By Barry Shteiman

The attack against the New York Times (NYT) was a Domain Name System (DNS) breach. Hackers infiltrated the DNS broker that holds the translation records for nytimes.com, sending users to the Syrian Electronic Army’s own website. The attack could have been prevented by securing the DNS server.

This is, unfortunately, validation of a long-standing security problem inherent in the way that companies rely on third-party public services to conduct their business. While a company like NYT may be able to secure its own platforms, harden its systems and regularly check for vulnerable components on premise, this is much harder to do when some of that infrastructure is provided by a third party, like an Internet Service Provider or a DNS host. At some point, Chief Information Officers need to realise that critical pieces of their online entities are controlled by vendors, and that security policies should apply to those vendors as well.

It makes a lot of sense for a hacktivist group that wishes to display its message and show that it exists to go after high-end media. The Syrian Electronic Army has been actively hacking Twitter accounts of news sites and has recently escalated to hacking into the websites themselves to create awareness. This is, in essence, what hacktivism is. There is no profit involved. Making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army is very successful in creating the awareness that they are after.

Companies should create contingency plans and check the security measures taken by their third-party content and infrastructure providers. DNS is, unfortunately, a great example. Another point to make is that this is not the only DNS hijack that we have seen in the last few months specifically targeting media sites and social networks. A collaborative or case-study-based approach should have alerted NYT to check what their infrastructure providers are doing to protect their clients.

About the author

Barry Shteiman is Imperva’s Senior Security Strategist, where he works directly with the CTO Office and Imperva’s dedicated security research organization, the Application Defense Center. Barry has also authored several application security tools and contributed code to a number of open source security projects. Barry is a dedicated contributor to Imperva’s security blog as well as an active tweeter. He encourages you to follow him on Twitter @bshteiman and ask him any security question you want.

About Imperva

For nearly a decade, Imperva, a pioneer in data security, has brought a complete security lifecycle to provide visibility and control for databases including the people and applications that access them. The world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality.

