People on Twitter began reporting the site was down as early as 3 p.m. ET. The newspaper’s website was still not accessible to many desktop users almost six hours later. Some users also reported difficulty accessing the Times’ mobile site and apps.
The newspaper posted a message on its Facebook page about 5 p.m. ET that said, “Many users are having difficulty accessing The New York Times online. We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack.”
New York Times chief information officer Marc Frons sent the same update internally to employees at 4:20 p.m. and advised them not to send out sensitive emails “until this situation is resolved,” according to a statement from the New York Times. The outage was the result of an attack on the company’s domain name registrar, Melbourne IT.
Frons said the attack was the work of “the Syrian Electronic Army or someone trying very hard to be them,” according to the New York Times. The Syrian Electronic Army is a group of hackers aligned with Syrian President Bashar al-Assad.
Security threat researcher Matt Johansen of White Hat Security said on Twitter that he suspected the attack was the work of the Syrian Electronic Army.
Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage.
The Syrian Electronic Army has frequently targeted the U.S. news media. The group has hacked into the Twitter feeds of the Associated Press and The Washington Post, and on August 15 they briefly hacked the websites of several major news organizations, including CNN, redirecting them to a SEA page.
Frons said Tuesday’s attack was more sophisticated than previous SEA hacks.
“It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites,” said Frons in the New York Times.
While the site was down, the New York Times continued to post articles at its numerical IP address, 18.104.22.168 and at news.nytco.com.
Tuesday’s episode was the Times’ second sustained website outage this month. The newspaper’s site also went down August 14 for several hours, an outage the newspaper blamed on “an internal issue.”
A Twitter account claiming to be an official account of the SEA tweeted that it had also hacked the Internet registries for Twitter and the Huffington Post’s UK site. The account later posted that its own SEA domain was suspended for violating its registration agreement.
In an update on a company blog, Twitter confirmed that there was a DNS issue with one of the domains used to host images. “Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident,” said the post.