The Syrian Electronic Army has been blamed for attacks on the New York Times, Twitter, Huffington Post UK and an Australia-based domain name provider, with future attacks widely expected.
For the second time this month, the New York Times website was brought down, followed soon after by Twitter and the Huffington Post UK; all three website are now back online, but their downtime is believed to stem from an attack on Melbourne IT, a domain name provider shared by the three companies.
Marc Frons, chief information officer for The New York Times Company, issued a statement warning employees that the disruption was "the result of a malicious external attack," and he advised staff to "be careful when sending email communications until this situation is resolved."
During the three-hour downtime NY Times resorted to publishing stories in full on its Facebook page and on a mirror site, duplicating content on the newspaper's main site.
Frons said the attack was carried out by a group of hackers known as the Syrian Electronic Army, "or someone trying very hard to be them."
The Syrian Electronic Army supports President Bashar al-Assad of Syria and readers trying to visit the NY Times at the time of the attack were redirected to a Syrian web domain; although not specifically claiming the attack was their work, the SEA retweeted reports of the NY Times' problems.
Later that evening, the SEA struck again, this time taking down Twitter's UK website and tampering with the company's domain name settings to change ownership from Twitter to 'SEA SEA'.
"Hi Twitter, look at your domain, it's owned by SEA," the group tweeted, along with a screenshot showing the altered information.
— SyrianElectronicArmy (@Official_SEA16) August 27, 2013
A status update from Twitter confirmed the attack, stating "our DNS provider [Melbourne IT] experienced an issue in which it appears DNS records for various organisations were modified, including one of Twitter's domains used for image service, twimg.com. Viewing of images and photos was sporadically impacted."
Twitter confirmed that no user information was affected by the incident, and the service is back online at the time of publication.
More attacks expected
Michael Fey, chief technology officer at cyber security firm McAfee, said that as long as media organisations continue to report the news, they will continue to be targets of cyber attacks. "Regardless of technology or tactics deployed, we should expect to see more of these attacks," he said.
Frons of the NY Times said these attacks were much more sophisticated than those previously conducted by the SEA, which saw Twitter accounts of news organisations including the Financial Times, BBC and Associated Press compromised. An attacked on the AP's Twitter feed saw the stock market plunge briefly after a false tweet was published claiming Barack Obama had been injured in explosions at the White House.
Frons said: "In terms of the sophistication of the attack, this is a big deal. It's sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of websites."
Speaking to Business Insider, Melbourne IT said it is currently reviewing traffic logs to see if it can obtain information on the identity of whoever conducted the attack, promising to share this information with the authorities.
The company added: "We will also review additional layers of security that we can add to our reseller accounts."
The Huffington Post UK was also targeted in the attack, but is yet to issue a statement.