Twitter.com, NYTimes.com and more taken down in Syrian hack

The SEA strikes through DNS servers.

Hackers took down the New York Times, Twitter and Huffington Post websites overnight through a method known as DNS hijacking. Although the NYT's website is still down this morning, the rest appear to be back up, albeit with continued problems on some subsystems. The Syrian Electronic Army (SEA) hacking collective is obliquely claiming responsibility on Twitter.

The SEA is famous for finding novel entry-points into a company's online presence, and this is no different. Rather than hacking into the companies' servers directly, DNS hijacking allows an attacker to redirect the web address which normally points to the servers on which the site is stored.

Every server on the internet has a unique IP address, a 12-digit code which refers to its virtual location. But in order to avoid having to remember all these numbers, there's a second system which sits on top of IP addresses, which lets us type in the alphanumeric domain names we all know and love. When someone enters nytimes.com into their address bar, the browser looks up the domain name using a Domain Name System (DNS) server; that server then tells your browser what IP address the URL points to, the two computers connect, and everything works happily.

What happened overnight is that the SEA managed to break into the website of Melbourne IT, the company which the New York Times and others used to register those domain names. They then changed the records so that instead of pointing to the New York Times' website, the address pointed to theirs.

On the one hand, that's a lot less bad than it would be if the servers themselves were broken into. The New York Times continued to publish normally to their IP address, 170.149.168.130, and don't appear to have lost any data or sensitive information. On the other hand, the sites were still down, and the redirect still exposed users to potential security risks. For instance, it would be possible to build a passable version of a log-in page and steal a lot of passwords. When it comes to Twitter, one of the affected companies, the problems are even greater: the site has a lot of code embedded throughout the internet, in the form of tweet buttons and single-sign-in services. If the SEA had wanted, that could have been the beginning of a much more serious collection of hacks.

As it is, the group appears to have limited themselves to their normal operations, the digital equivalent of graffiti. Albeit graffiti in a very prominent place. But that it was so easy to take down the sites of such huge media organisations should give us all the shivers. The internet is a long way from secure, and some of the biggest problems left are fundamental to how the whole thing works.

What happens if you visit NYTimes.com

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Lifestage
Show Hide image

Everything that is wrong with the app Facebook doesn't want over 21s to download

Facebook's new teen-only offering, Lifestage, is just like your mum: it's trying too hard to relate and it doesn't care for your privacy.

Do you know the exact moment Facebook became uncool? Designed as a site to connect college students in 2004, the social network enjoyed nearly a decade of rapid, unrivalled growth before one day your mum – yes, your mum – using the same AOL email address she’s had since her dial-up days, logged on. And then she posted a Minion meme about drinking wine.

Facebook knows it’s uncool. It had a decline in active users in 2014, and in 2015 a survey of 4,485 teens discovered it came seventh in a ranking of ten social apps in terms of coolness. In fact, only 8 per cent of its users are aged between 13 and 19. This is the main reason the corporation have now created Lifestage, an app specifically for under-21s to “share a visual profile of who [they] are with [their] school network”.

Here’s how it works. After signing up and selecting their school, users are prompted to create a series of short videos – of their facial expressions, things they like, and things they dislike – that make up their profile. Once 20 people from any school sign up, that school is unlocked, meaning everyone within it can access one another’s profiles as well as those from nearby schools. Unlike Snapchat (and truly, this is the only thing that is unlike Snapchat) there is no chat function, but teens can put in their phone number and Instagram handles in order to talk. Don’t worry, though, there are still vomit-rainbows.

But with this new development, rather than hosting your mum, Facebook has become her. Lifestage is not only an embarrassing attempt to be Down With The Kids via the medium of poop emoji, it is also an invasive attempt to pry into their personal lives. Who’s your best friend? What do you like? What’s not cool? These are all questions the app wants teens to answer, in its madcap attempt to both appeal to children and analyse them.

“Post what you are into right now – and replace the video in that field whenever you want,” reads the app description on the iTunes store. “It's not just about the happy moments – build a video profile of the things you like, but also things you don’t like.” They might as well have written: “Tell us what’s cool. Please.”

Yet this is more than an innocent endeavour to hashtag relate, and is a very real attempt, like Facebook’s many others, to collect as much data on users as possible. Teens – no matter how many hot pink splashes and cartoon toilet rolls are used to infantilise them – are smart enough to have figured this out, with one of the 16 reviews of the app on the iTunes store titled “Kinda Sorta Creepy”, and another, by a user called Lolzeka, reading:

“I don't like how much information you have to give out. I don't want my phone number to be known nor do I want everyone to know my Instagram and Snapchat. I could not figure out how to take a picture or why my school was needed. Like I said, I don't want all my information out there.”

But Facebook already knows everything about everyone ever, and it’s not this data-mining that is the most concerning element of the app. It is the fact that – on an app specifically designed for children as young as 13 to share videos of themselves – there is no user verification process. “We can't confirm that people who claim to go to a certain school actually go to that school,” Facebook readily admits.

Although the USP of this app is that those over the age of 21 can only create a profile and aren’t allowed to view others, there isn’t a failsafe way to determine a user’s age. There is nothing to stop anyone faking both their age and the school they go to in order to view videos of, and connect with, teens.

Yet even without anyone suspicious lurking in the shadows, the app’s privacy settings have already come under scrutiny. The disclaimer says all videos uploaded to Lifestage are “fully public content” and “there is no way to limit the audience of your videos”. Despite the fact it is designed to connect users within schools, videos can be seen anyone, regardless of their school, and are “viewable by everyone”.

Of course none of this matters if teens don’t actually bother to use the app, which is currently only available in the US. Lifestage’s creator, 19-year-old Michael Sayman, designed it as a “way to take Facebook from 2004 and bring it to 2016”. Although he has the successful app 4Snaps under his belt, there is no guarantee Lifestage will succeed where Facebook’s other app attempts (Notify, Facebook Gifts, Poke) have not.

There are a few tricks Facebook has put in place to prompt the app to succeed, including the fact that users are ranked by how active they are, and those who don’t post enough updates will be labelled with a frowning or (here we go again) poop emoji. Still, this hardly seems enough for an app whose distinguishing feature is “Privacy? Nah.” 

Only time will tell whether the app will appeal to teens, but one thing is certain: if it does, your mum is totally downloading it.

Amelia Tait is a technology and digital culture writer at the New Statesman.