New York Times website hacked
Less than two weeks after suffering a prolonged website outage, the New York Times was knocked offline again on Tuesday—apparently as the result of a malicious hacking attack.
The paper’s main webpage was intermittently unavailable for several hours Tuesday afternoon and remained that way as of 5:30 p.m. ET.
In an initial Twitter post, the Times blamed the outage on “technical problems.” But later, the newspaper’s director of corporate communication indicated that the site might have been knocked offline in a hacker attack. “re: http://nytimes.com - initial assessment - issue is most likely result of malicious external attack. working to fix,” Murphy said in a tweet.
In another tweet, the Times said it would continue to publish stories as it worked to resolve the issue. The message contained a link to a story on Syria with an IP address registered with the company that bypassed its DNS.
Initial evidence suggested that the attack might have been the work of the Syrian Electronic Army, according to a security researcher quoted by the Washington Post.
This marks the second time this month that the paper’s main website has crashed. On Aug.14, the site was knocked offline for more than two hours and then struggled with sluggish performance for two more hours as the result of what the paper described as a technical glitch.
That outage, which also took down the Times’ mobile application, occurred seconds after a scheduled site maintenance update, the company said at that time. The incident caused some speculation about whether the site had been hacked or had really gone down because of a technical issue as the paper claimed.
In January, the Times disclosed that attackers belonging to a Chinese hacking group had gained access to its networks and systems and remained undetected for four months. The intrusion happened in September 2012, when the paper was doing a story on China’s Prime Minister Wen Jiabao, the paper noted.
Security experts speculated at that the hackers might have gained an initial foothold on the company’s website via a targeted, specially crafted phishing email.