The New York Times website was still experiencing some issues late Wednesday afternoon following Tuesday’s widespread outage. Evidence continued to mount that it was the result of an attack by the Syrian Electronic Army.
The group, loyal to Syrian President Bashar Al-Assad, has been behind multiple attacks on media websites in recent months and, on Twitter, took credit for a sophisticated hack that had hobbled the Times’ news site for roughly 20 hours.
“The @nytimes attack was going to deliver an anti-war message but our server couldn’t last for 3 minutes,” the group posted on its Twitter feed at about 9:40 Wednesday morning.
The attack came as governments in several countries considered military action in light of reports that Al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.
“Our website and domain are now down, but it was worth the attempt, for #Syria and world peace,” the group wrote later.
The group said their site was taken down because they violated their registration agreement.
People on Twitter began reporting the New York Times site was down as early as 3 p.m. ET Tuesday. Some users also reported difficulty accessing the Times’ mobile site and apps.
The newspaper posted a message on its Facebook page about 5 p.m. ET that said, “Many users are having difficulty accessing The New York Times online. We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack.”
New York Times chief information officer Marc Frons sent the same update internally to employees at 4:20 p.m. and advised them not to send out sensitive emails “until this situation is resolved,” according to a statement from the New York Times. The outage was the result of an attack on the company’s domain name registrar, Melbourne IT.
The hackers gained access to a Melbourne IT reseller account using a phishing email and proceeded to change the DNS records of multiple domains, including NYTimes.com, according to the company.
“We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies,” said Melbourne IT’s Tony Smith in a statement.
Twitter also was hampered briefly by a similar attack.
Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage.
The Syrian Electronic Army has frequently targeted the U.S. news media. The group has hacked into the Twitter feeds of the Associated Press and The Washington Post, and on August 15 they briefly hacked the websites of several major news organizations redirecting them to a SEA page. CNN.com has been the target of similar attacks.
Frons said Tuesday’s attack was more sophisticated than previous SEA hacks.
“It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites,” said Frons in the New York Times.
While the site was down, the New York Times continued to post articles at its numerical IP address, 184.108.40.206 and at news.nytco.com.
Tuesday’s episode was the Times’ second sustained website outage this month. The newspaper’s site also went down August 14 for several hours, an outage the newspaper blamed on “an internal issue.”
In an update on a company blog, Twitter confirmed that there was a DNS issue with one of the domains used to host images. “Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident,” said the post.
CNN’s Doug Gross contributed to this report.
Heather Kelly | CNN