Syrian Electronic Army Continues Spree: Cracks New York Times, Twitter and Huffington Post

August 27, 2013 - 2 Comments

The Syrian Electronic Army continues to hammer away at media organizations.  This afternoon the Syrian Electronic Army appears to have compromised the registrar Melbourne IT which hosts the domains of notable media organizations like Twitter, The New York Times, and The Huffington Post.

Syrian Electronic Army cracks Melbourne IT Registrar

Just as with the ShareThis attack from last week, the Syrian Electronic Army chose to host the domains on their main IP address

Passive DNS data for SEA IP

Several users reported issues with The New York Times website, however Twitter seemed largely unaffected.  Perhaps one reason for this is Twitter’s preference for using HTTPS.  When a Transport Layer Security (TLS) tunnel is established with a site, then the rest of the communication with that site flows over the established, encrypted tunnel.  Users already logged in would have never experienced a problem.  On the other hand, the Syrian Electronic Army also took credit for the attack using Twitter, so perhaps this is why they left the nameservers for the domain untouched.

Cisco TRAC is continuing to monitor the situation as it develops.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. The is responsible for severing images. It was still having issues when I fired up TweetDeck this morning.

  2. Good hack, just goes to show that the domain record deserves plenty of good security. All of the best security technology in the world is no good if the domain record is hijjacked. These guys could have redirected the nameservers and MX records to easily redirect or attack users. It is hard to believe that this was so easy but obviously this is how targeted attacks seem to strike at the weakest point.