, and more taken down in Syrian hack

The SEA strikes through DNS servers.

Hackers took down the New York Times, Twitter and Huffington Post websites overnight through a method known as DNS hijacking. Although the NYT's website is still down this morning, the rest appear to be back up, albeit with continued problems on some subsystems. The Syrian Electronic Army (SEA) hacking collective is obliquely claiming responsibility on Twitter.

The SEA is famous for finding novel entry-points into a company's online presence, and this is no different. Rather than hacking into the companies' servers directly, DNS hijacking allows an attacker to redirect the web address which normally points to the servers on which the site is stored.

Every server on the internet has a unique IP address, a 12-digit code which refers to its virtual location. But in order to avoid having to remember all these numbers, there's a second system which sits on top of IP addresses, which lets us type in the alphanumeric domain names we all know and love. When someone enters into their address bar, the browser looks up the domain name using a Domain Name System (DNS) server; that server then tells your browser what IP address the URL points to, the two computers connect, and everything works happily.

What happened overnight is that the SEA managed to break into the website of Melbourne IT, the company which the New York Times and others used to register those domain names. They then changed the records so that instead of pointing to the New York Times' website, the address pointed to theirs.

On the one hand, that's a lot less bad than it would be if the servers themselves were broken into. The New York Times continued to publish normally to their IP address,, and don't appear to have lost any data or sensitive information. On the other hand, the sites were still down, and the redirect still exposed users to potential security risks. For instance, it would be possible to build a passable version of a log-in page and steal a lot of passwords. When it comes to Twitter, one of the affected companies, the problems are even greater: the site has a lot of code embedded throughout the internet, in the form of tweet buttons and single-sign-in services. If the SEA had wanted, that could have been the beginning of a much more serious collection of hacks.

As it is, the group appears to have limited themselves to their normal operations, the digital equivalent of graffiti. Albeit graffiti in a very prominent place. But that it was so easy to take down the sites of such huge media organisations should give us all the shivers. The internet is a long way from secure, and some of the biggest problems left are fundamental to how the whole thing works.

What happens if you visit

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Show Hide image

You are living in a Black Mirror episode and you don’t care

The Investigatory Powers Bill is likely to become law later this year, but barely anyone is resisting the dystopian surveillance it will bring.

“They’re all about the way we live now – and the way we might be living in 10 minutes’ time if we're clumsy,” explained Charlie Brooker when asked to describe the concept behind his science fiction series Black Mirror. When series three was released on Netflix last week, this sentiment was reiterated over and over. “Omg, it’s just like Instagram!!!!” squealed individuals in their masses after watching episode one, “Nosedive”, set in a world where everyone rates one another out of five after their interactions. The parallel with social media is easy, obvious, and intentional, but it doesn’t teach us much. The real ways in which our world is like a dystopian sci-fi are, in fact, much more boring.

There will be no suspenseful songs or dramatic jump cuts preluding the third reading of the Investigatory Powers Bill in the House of Lords next week. The “snoopers’ charter” is likely to become law after it passed through its House of Commons readings with a few amendments, with 444 MPs voting in favour and 69 against. In short, the Bill will give the government unprecedented surveillance powers, allowing them to intercept and collect your communications, collect a list of the websites you visit and search it without a warrant, and force your internet service provider to help them collect your data.

Even though this is highly comparable to the dark visions of the future offered by Black Mirror, no one cares. Though the Bill faced initial resistance when it was announced in 2015, it has passed through its readings relatively unscathed. Black Mirror should provide a prime opportunity to discuss issues around privacy, but people prefer to compare dystopias to things they already hate. Lord help us all if we take selfies or stare at a device which is simultaneously an encyclopaedia, a newspaper, a book, a map, a bank, a radio, a camera and a telephone for more than ten minutes.

Yet the Investigatory Powers Bill does hold many parallels to the last episode of Black Mirror series three, “Hated in the Nation”. In it, the government use autonomous drones shaped like bees to spy on its people, which are then hacked to murder hated public figures. “Ok! The government’s a c**t, we knew that already,” says DCI Karin Parke, moving on to the real issue – not that the government spies on its citizens, but that the spying device can be hacked by those naughty, naughty citizens themselves.

The hacker – Garrett Scholes – has programmed the bees to kill whoever gets the most votes on Twitter via the hashtag #DeathTo. Then, in a Jon-Ronson-worthy twist, he sets the bees on the people who used the hashtag in the first place. The actual, moral, wake-up-sheeple message of “Hated in the Nation”, then, is that we should be careful who we wish death upon on social media. But it is precisely this freedom that we should be protecting. Under the Investigatory Powers Bill, your emails and search history could be used to argue that you really want to kill Katie Hopkins, rather than were just blowing off steam.

Yet it’s hard to blame anyone for ignoring the Bill, which is off-putting not because it’s not an episode of Black Mirror, but because it is long and confusing. Breaking through the terminology is hard, even in the handy fact sheets provided, and the government can claim transparency while using alienating language and concepts.

“Some of the powers in the Bill are deeply intrusive, and with very little possible justification,” warned former MP Dr Julian Huppert last week, “the cost to all of our privacy is huge.” The good news is that you don’t have to worry about metal bees spying on you, and the bad news is that this is because the government will soon have permission to do it the easy way.


Now listen to a review of the new series of Black Mirror on the NS pop culture podcast, SRSLY:

Amelia Tait is a technology and digital culture writer at the New Statesman.