I was watching a news program last night, and the discussion of the most recent attack on the New York Times came up. Hackers, believed to be the Syrian Electronic Army, disrupted service to the site on Tuesday, and as of Wednesday at noon, the site was slowly being revived. Readers were being sent to an alternate temporary site.
The news anchor posed the question: Is this a cyber war? I think it is a legitimate question because of the current tensions and talks of potential attacks on Syria in response to the civil unrest in that country. But I think the answer is no, it is not a cyber war. I think it was the Syrian Electronic Army making a statement to the world that they don’t like U.S. policies. I also think that it is one in a growing number of incidents that shows just how vulnerable our networks are and how people who want to make a statement are exploiting those vulnerabilities.
In the New York Times hack, the Syrian Electronic Army used a third party to get into the newspaper’s network. According to PC Magazine:
a hack of Internet registrar MelbourneIT allowed the Syrian Electronic Army to compromise the newspaper’s website.
To understand the attack, it’s important to understand three key entities on the Internet: 1) registries; 2) registrars; and 3) recursive DNS providers. . . . You purchase and manage domains through organizations known as registrars. NYTimes.com is managed by a registrar known as MelbourneIT. MelbourneIT has traditionally been known as one of the more secure registrars.
As Aaron Titus, CPO/General Counsel at Identity Finder, told me in an email, any time you integrate third-party code into your site, it presents a new attack vector for hackers.
You must not only ensure your own code is secure, but you must also rely upon third parties’ security practices. Third party content integration is standard on almost every website. YouTube videos, Flash plugins, and Google Analytics are just three common examples of third party apps and code. If any one of them has a vulnerability, then your website may be affected.
The Syrian Electronic Army also hacked Twitter this week. It’s obvious that they are out to make a statement in support of their country’s leader. These attacks should also be reminders that networks are vulnerable in multiple ways, and even the most secure third party with access to your network can cause serious trouble.