Twitter.com, NYTimes.com and more taken down in Syrian hack

The SEA strikes through DNS servers.

Hackers took down the New York Times, Twitter and Huffington Post websites overnight through a method known as DNS hijacking. Although the NYT's website is still down this morning, the rest appear to be back up, albeit with continued problems on some subsystems. The Syrian Electronic Army (SEA) hacking collective is obliquely claiming responsibility on Twitter.

The SEA is famous for finding novel entry-points into a company's online presence, and this is no different. Rather than hacking into the companies' servers directly, DNS hijacking allows an attacker to redirect the web address which normally points to the servers on which the site is stored.

Every server on the internet has a unique IP address, a 12-digit code which refers to its virtual location. But in order to avoid having to remember all these numbers, there's a second system which sits on top of IP addresses, which lets us type in the alphanumeric domain names we all know and love. When someone enters nytimes.com into their address bar, the browser looks up the domain name using a Domain Name System (DNS) server; that server then tells your browser what IP address the URL points to, the two computers connect, and everything works happily.

What happened overnight is that the SEA managed to break into the website of Melbourne IT, the company which the New York Times and others used to register those domain names. They then changed the records so that instead of pointing to the New York Times' website, the address pointed to theirs.

On the one hand, that's a lot less bad than it would be if the servers themselves were broken into. The New York Times continued to publish normally to their IP address, 170.149.168.130, and don't appear to have lost any data or sensitive information. On the other hand, the sites were still down, and the redirect still exposed users to potential security risks. For instance, it would be possible to build a passable version of a log-in page and steal a lot of passwords. When it comes to Twitter, one of the affected companies, the problems are even greater: the site has a lot of code embedded throughout the internet, in the form of tweet buttons and single-sign-in services. If the SEA had wanted, that could have been the beginning of a much more serious collection of hacks.

As it is, the group appears to have limited themselves to their normal operations, the digital equivalent of graffiti. Albeit graffiti in a very prominent place. But that it was so easy to take down the sites of such huge media organisations should give us all the shivers. The internet is a long way from secure, and some of the biggest problems left are fundamental to how the whole thing works.

What happens if you visit NYTimes.com

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Getty
Show Hide image

Fark.com’s censorship story is a striking insight into Google’s unchecked power

The founder of the community-driven website claims its advertising revenue was cut off for five weeks.

When Microsoft launched its new search engine Bing in 2009, it wasted no time in trying to get the word out. By striking a deal with the producers of the American teen drama Gossip Girl, it made a range of beautiful characters utter the words “Bing it!” in a way that fell clumsily on the audience’s ears. By the early Noughties, “search it” had already been universally replaced by the words “Google it”, a phrase that had become so ubiquitous that anything else sounded odd.

A screenshot from Gossip Girl, via ildarabbit.wordpress.com

Like Hoover and Tupperware before it, Google’s brand name has now become a generic term.

Yet only recently have concerns about Google’s pervasiveness received mainstream attention. Last month, The Observer ran a story about Google’s auto-fill pulling up the suggested question of “Are Jews evil?” and giving hate speech prominence in the first page of search results. Within a day, Google had altered the autocomplete results.

Though the company’s response may seem promising, it is important to remember that Google isn’t just a search engine (Google’s parent company, Alphabet, has too many subdivisions to mention). Google AdSense is an online advertising service that allows many websites to profit from hosting advertisements on its pages, including the New Statesman itself. Yesterday, Drew Curtis, the founder of the internet news aggregator Fark.com, shared a story about his experiences with the service.

Under the headline “Google farked us over”, Curtis wrote:

“This past October we suffered a huge financial hit because Google mistakenly identified an image that was posted in our comments section over half a decade ago as an underage adult image – which is a felony by the way. Our ads were turned off for almost five weeks – completely and totally their mistake – and they refuse to make it right.”

The image was of a fully-clothed actress who was an adult at the time, yet Curtis claims Google flagged it because of “a small pedo bear logo” – a meme used to mock paedophiles online. More troubling than Google’s decision, however, is the difficulty that Curtis had contacting the company and resolving the issue, a process which he claims took five weeks. He wrote:

“During this five week period where our ads were shut off, every single interaction with Google Policy took between one to five days. One example: Google Policy told us they shut our ads off due to an image. Without telling us where it was. When I immediately responded and asked them where it was, the response took three more days.”

Curtis claims that other sites have had these issues but are too afraid of Google to speak out publicly. A Google spokesperson says: "We constantly review publishers for compliance with our AdSense policies and take action in the event of violations. If publishers want to appeal or learn more about actions taken with respect to their account, they can find information at the help centre here.”

Fark.com has lost revenue because of Google’s decision, according to Curtis, who sent out a plea for new subscribers to help it “get back on track”. It is easy to see how a smaller website could have been ruined in a similar scenario.


The offending image, via Fark

Google’s decision was not sinister, and it is obviously important that it tackles things that violate its policies. The lack of transparency around such decisions, and the difficulty getting in touch with Google, are troubling, however, as much of the media relies on the AdSense service to exist.

Even if Google doesn’t actively abuse this power, it is disturbing that it has the means by which to strangle any online publication, and worrying that smaller organisations can have problems getting in contact with it to solve any issues. In light of the recent news about Google's search results, the picture painted becomes more even troubling.

Update, 13/01/17:

Another Google spokesperson got in touch to provide the following statement: “We have an existing set of publisher policies that govern where Google ads may be placed in order to protect users from harmful, misleading or inappropriate content.  We enforce these policies vigorously, and taking action may include suspending ads on their site. Publishers can appeal these actions.”

Amelia Tait is a technology and digital culture writer at the New Statesman.