Wednesday, August 28, 2013

SYRIA. Behind the cyberattack on the "New York Times" - Le Nouvel Observateur

“Twitter, are you ready?” The tone of the tweet is provocative, like all the other actions of the “Syrian Electronic Army” (SEA). The latest operation claimed by the pro-Assad Syrian hacker group: a cyberattack against the “New York Times” and Twitter on Tuesday, Aug. 27. The attack still leaves the venerable U.S. newspaper's site inaccessible and disrupted the functioning of the microblogging site.

The cyberattack comes as the United States, the United Kingdom and France say they are convinced that the Syrian regime committed the chemical attack of August 21 in the suburbs of Damascus, and above all as the prospect of a military intervention in Syria takes shape.

The SEA has already made itself known in recent months by hacking the Twitter account of the U.S. news agency Associated Press. It had published a fake tweet saying that President Barack Obama had been injured in two explosions at the White House. A stunt that had panicked Wall Street: the Dow Jones plunged by over 130 points, or nearly 1%.

The Twitter account of AFP's photo service, as well as the social network accounts of the BBC, Al Jazeera, the “Financial Times” and the “Guardian”, have also paid the price.

How the SEA hacked the “New York Times”

To carry out the attack, the Syrian Electronic Army chose to go after the system that manages the domain names (the Domain Name System, DNS) of the “New York Times” and Twitter.

Every computer connected to the Internet is identified by a numeric address, or IP address. For example, the web server of the “New York Times” is at 170.149.168.130. The Domain Name System, created in 1980, works as a directory that lists IP addresses and translates them. Thus, 170.149.168.130 becomes www.nytimes.com and can be looked up on the Internet.

The “New York Times” and Twitter have registered their Internet domain names with an Australian company called Melbourne IT. And it is precisely Melbourne IT that was targeted: “The SEA prefers above all to target the partners and trusted third parties of large groups,” says Sophos, a company specializing in security.

For Johanne Ulloa, a security expert at Trend Micro interviewed by the “Nouvel Observateur”, “this is surely due to a targeted attack on a member of the company that manages the domain names, which the SEA was able to infiltrate.” “We believe that it is with a program that exploits vulnerabilities and takes control of a remote computer that the hackers were able to access the interface that manages the DNS,” he analyzes. “What is interesting is that the creator of DarkComet, a RAT that allows you to take control of a remote machine, decided last year to stop developing the software because it was used by groups such as the ‘Syrian Electronic Army’.”

Suspicions confirmed by Theo Hnarakis, CEO of Melbourne IT, who told the “Guardian” that the hackers had access to the company's administrative interfaces via a valid username and password. Once Melbourne IT was hacked, the “Syrian Electronic Army” simply changed the DNS records of Twitter and the “New York Times”. The American newspaper's DNS file was changed so that readers were redirected to M.SEA.SY, MOD.SEA.SY and SEA.SY, servers under the control of the SEA, says Sophos.

An operation that is not difficult to carry out. “There is no need to have any special technical knowledge,” says Johanne Ulloa, who considers this technique for infiltrating a company increasingly common.

Is a DNS attack effective?

How far can hackers go with such an attack? “Taking control of a website's domain name is not as powerful as hacking the site's servers,” says the “Washington Post”. “If the ‘Syrian Electronic Army’ had managed to take control of the ‘New York Times’ servers, it could have changed the content of articles, read journalists' e-mails and even installed malware on the servers.” The hijacking of a domain name does not allow that.

David Ulevitch, CEO of OpenDNS, explains however that compromising a domain name can still cause serious problems. “When you hijack DNS, you are changing more than the site's identity,” he says in the “Washington Post”. For example, the “New York Times” “undoubtedly sends e-mails to confidential sources. Someone could intercept these communications” by changing the DNS and specifying where e-mails should be delivered.

“Compromising Twitter's domain could create even more serious security problems, because the social network has a lot of JavaScript [code that allows you to place tweets on a web page, Ed.] embedded on websites. This means it is possible to deface websites,” says David Ulevitch.
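For a defender, the nameserver change reported by Sophos and the mail-routing risk raised by David Ulevitch can both be caught by comparing a domain's observed NS and MX records against a pinned baseline. The following is an added example, not part of the original article: the baseline hosts, the MX records and the changed mail host are constructed placeholders, and only the three SEA.SY nameserver names come from the text above.

```python
# Pinned baseline for the monitored domain (hypothetical placeholder hosts).
BASELINE = {
    "NS": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    "MX": {"mx1.mail.example"},
}

# Constructed observations, zone-file style: name TTL class type rdata
BEFORE = """\
nytimes.com. 172800 IN NS ns1.dns-provider.example.
nytimes.com. 172800 IN NS ns2.dns-provider.example.
nytimes.com. 300 IN MX 10 mx1.mail.example.
"""
# The NS names are those reported in the article; the MX change is constructed
# to illustrate the e-mail interception risk (the article reports no MX change).
AFTER = """\
nytimes.com. 172800 IN NS M.SEA.SY.
nytimes.com. 172800 IN NS MOD.SEA.SY.
nytimes.com. 172800 IN NS SEA.SY.
nytimes.com. 300 IN MX 10 mx.hijack.example.
"""

def parse_records(text):
    """Return {rtype: set(hosts)}, lower-cased with the trailing root dot removed."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blank or malformed lines
        rtype = fields[3].upper()
        host = fields[-1].rstrip(".").lower()  # for MX the host is the last field
        found.setdefault(rtype, set()).add(host)
    return found

def audit(observed_text, baseline=BASELINE):
    """Diff observed records against the baseline; return a list of findings."""
    observed = parse_records(observed_text)
    findings = []
    for rtype, expected in baseline.items():
        seen = observed.get(rtype, set())
        findings += [(rtype, "unexpected", h) for h in sorted(seen - expected)]
        findings += [(rtype, "missing", h) for h in sorted(expected - seen)]
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text) or "matches baseline")
```

Because the change was made at the registrar, the comparison has to be run against the records published by the parent zone and public resolvers, not against the organisation's own DNS servers.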


Why target the Anglo-Saxon media?

But why such an attack? “The role of the ‘Syrian Electronic Army’ makes sense when they are considered as pranksters who like Bashar al-Assad,” says the “Washington Post”. The SEA does not steal any information and prefers to take over a site or a Twitter account for a short period of time to get its message across. Its communication centers on the Assad regime, denounces U.S. foreign policy or disseminates false information.
