Hacker News new | comments | show | ask | jobs | submit login
NYTimes.com down for some users; paper suspects “external attack” (gigaom.com)
94 points by Aaronn 1398 days ago | hide | past | web | 30 comments | favorite

In everything associated with the situation in Syria beware of the possibility of false-flag operations.


Even more unlikely: the SEA itself could be a false flag operation... At a risk of putting on a tinfoil hat some of the Syrian activity as of late seems mighty convenient, practically an invitation to a couple of cruise missiles or something with similar effects.

For all I know this is genuine but it is very hard to be 100% sure of anything like this as an outside observer. It wouldn't be the first time false flag operations were used to create sympathy in the populace for some war or to demonize a party.


http://en.wikipedia.org/wiki/Gulf_of_Tonkin_incident (disputed)


Kinda crazy that the Europeans have decided that Obama is war mongering considering there is no possible American interest in getting into this mess, and just a few weeks ago the administration was arguing about the finer points of the meaning of the word 'chemical.'

EDIT: Ok so with respect to your insinuation about "American interests," honestly, I'd like to hear what you think they are. Obama called the situation in Libya a "shit sandwich," and as far as I can tell Syria is a shit hoagie. So I'd really like to know what can be gained in Syria other than brownie points from knowing we upheld the R2P.

With respect to Powell and Iraq, I'd observe that Kerry is not Powell, Obama is not Bush, Syria is not Iraq, and the evidence at hand isn't curveball and yellowcake. Bringing up Powell and Iraq while ignoring the particulars of that event and this event is sloppy reasoning.

I haven't personally seen any evidence that Obama "rushing to bomb" anyone. I've seen months and months of the Obama administration trying to figure out how they are going to wipe their hands of this mess, and a week of them deciding that they can't. But on the whole I agree that you can't "un-bomb" someone, but you also can't spool back a massacre, and you can't uphold the R2P after-the-fact. We learned that in Rwanda.

Let's take a look at some facts about the chemical attack that was supposed to have been the "red-line"

- Assad is in this region winning against the rebels - without the use of chemical weapons (he is aware that using chemical weapons would get US involved)

- Timing: this is happening in sync with UN inspectors arriving to investigate chemical attacks

- Rebels have previously used chemical weapons in this conflict (http://www.washingtontimes.com/news/2013/may/6/syrian-rebels...) and there are videos of them experimenting with using sarin on dogs.

- Obama and the war machine are synchronously beating the war drums and committing to an attack before the UN inspectors have even had a chance to conclude their investigation of the chemical attack site

I'm pretty sure not all Europans have decided anything. Let's just say at least I'm not in a hurry to bomb places, that's something that you can always do but never undo and I recall a speech by one Colin Powell in front of the UN that turned out to be a little less than honest afterwards.

Wars are easy to get into hard to get out of, you break it you own it. What American interests are is sometimes harder to see than one would wish and the eagerness with which wars are entered into is something to be suspicious of in and of itself.

Breaking trust is a tricky thing, it's hard to mend afterwards and nothing better to distract from politically inconvenient news than a good old war. There is no B3 bomber.

Regarding your edit: I'm just advocating caution and not rushing to conclusions here until the facts are in and properly verified. You seem intent on pushing me into one camp or another, I have no dog in the race but I have an innate distrust for overly convenient and otherwise hard to explain occurrences. I have a very hard time believing that Assad would not be aware of what the consequences of gassing his own people would be, as well as of some of the hard to verify facts around this particular instance. It's true that a massacre can't be unwound but I feel that if we're going to go in based on that case that we should at least have the patience to wait until the ink on the report documenting that case has dried.

Syria is a flashpoint in the middle-east bordering Israel, Turkey and Jordan, has strong Russian and Iranian support. The Iranians have an absolutely enormous army that sits a mere stones throw away.

Igniting a war there rather than what is right now a civil war could have far reaching consequences and might make the Iraq war look like a picnic.

If the gas attack was real and orchestrated with the support of Assad then the Russians and the Iranians will likely drop their support. If a war gets started (potentially making it impossible to ever find out what happened beforehand) it could easily get out of hand.

I just caught the addition of disputed next to GoT. If this was wikipedia I would suggest changing disputed to WP:FRINGE

Apologies for the large quote. The whole thing being false flag is indeed probably too strong. But there is quite a bit of messiness surrounding the way that whole affair went down, judge for yourself:

"In October, 2005 the New York Times reported that Robert J. Hanyok, a historian for the U.S. National Security Agency, had concluded that the NSA deliberately distorted the intelligence reports that it had passed on to policy-makers regarding the August 4, 1964 incident. He concluded that the motive was not political but was probably to cover up honest intelligence errors.

Hanyok's conclusions were initially published within the NSA in the Winter 2000/Spring 2001 Edition of Cryptologic Quarterly, about five years before they were revealed in the Times article. According to intelligence officials, the view of government historians that the report should become public was rebuffed by policymakers concerned that comparisons might be made to intelligence used to justify the Iraq War (Operation Iraqi Freedom) that commenced in 2003. Reviewing the NSA's archives, Mr. Hanyok concluded that the NSA had initially misinterpreted North Vietnamese intercepts, believing there was an attack on August 4. Midlevel NSA officials almost immediately discovered the error, he concluded, but covered it up by altering documents, so as to make it appear the second attack had happened.

On November 30, 2005, the NSA released the first installment of previously classified information regarding the Gulf of Tonkin incident, including a moderately sanitized version of Mr. Hanyok's article. The Hanyok article stated that intelligence information was presented to the Johnson administration "in such a manner as to preclude responsible decision makers in the Johnson administration from having the complete and objective narrative of events." Instead, "only information that supported the claim that the communists had attacked the two destroyers was given to Johnson administration officials."

With regard to why this happened, Hanyok wrote:

'As much as anything else, it was an awareness that President Johnson would brook no uncertainty that could undermine his position. Faced with this attitude, Ray Cline was quoted as saying "... we knew it was bum dope that we were getting from Seventh Fleet, but we were told only to give facts with no elaboration on the nature of the evidence. Everyone knew how volatile LBJ was. He did not like to deal with uncertainties."'

Hanyok included his study of Tonkin Gulf as one chapter of an overall history of the involvement of NSA, and American signals intelligence (SIGINT), in the Indochina Wars. A moderately sanitized version of the overall history was released in January 2008 by the National Security Agency and published by the Federation of American Scientists"

I appreciate the quotes but I am already very familiar with the GoT. I do not really like getting in political/martial discussions on HN but we can if you would like to.

What is the action/operation that was designed and carried out to "deceive in such a way that the operations appear as though they are being carried out by other entities, groups or nations than those who actually planned and executed them"?

I'm not claiming the hack isn't genuine.

Perhaps more critically, twimg.com (and now Twitter, it seems) has also been compromised. Both share the MelbourneIT registrar.

$ whois -h whois.melbourneit.com twitter.com -> now owned by sea@sea.sy (Syrian Electronic Army)

The name servers for the Times have been switching back-and-forth for a while. I've chronicled most of it at https://twitter.com/semenko


If twitter is compromised, sites serving twitter js (which is a lot of sites) are potentially compromised too. I've just checked and at least some widgets from twitter are down at present (all?), twimg.com is not responding.

DNS and registrars is a bit of a weak point at present in site security, as once they have that, they can serve users whatever they like. It would be even more damaging and hard to detect if they just tweaked content slightly for a few hours by adjusting some words in stories for some countries rather than hijacking sites.

Well, luckily, Twitter's domains & cert are added to the Chrome HSTS pins list, so Chrome should just serve a scary security error.

Looks like their WHOIS data has reverted to normal. Not sure the NS records ever changed (though the contact data did).

One HN'er suggested a tweak to HTML where a hash of the js is taken along with the <script> tag to allow the browser to verify if the js has been modified. Of course this assumes that the js is static and that there are no upgrades to the code.

Another option would be to do this as a service but then you'd immediately have another attack vector as well.

We are now publishing at a backup site: http://news.nytco.com

Why the heck are both Twitter and the New York Times using a in the context small Australian registrar? (MelbourneIT)

edit: looks like MelbourneIT do DNS for a ton of big names. really really weird.

I'm wondering this, too. Does MelbourneIT have some sort of service or reputation that makes it attractive to large companies like Twitter or NYTimes?

"Syrian Electronic Army claims to have taken control of Twitter.com domain registration"


Tweet with some info regarding Twitter & NYT:


OpenDNS blocked the Syrian domains and updated its DNS resolvers to omit them:


Verify at:


nameservers changed at registrar, gltd reports accordingly.

nytimes.com. 172800 IN NS ns27.boxsecured.com. nytimes.com. 172800 IN NS ns28.boxsecured.com. ;; Received 114 bytes from in 17 ms

OK, then, the key question is: which registrar are they using and how do that registrar's security get compromised?

NS records pointing to Syrian Electronic Army - http://viewdns.info/dnsrecord/?domain=nytimes.com

You can still get to the New York Times by going to their IP address:


People viewing your views and cause, I guess.

Due to the worlds media being very selective about what appears, and the tone or context in which it is written, sometimes this is the only way to get your word out.

"Your word" being highly subjective.

Having the www.nytimes.com traffic being sent to your blog is probably one of the best things you can do.

Back in the day, leaflets were dropped from planes that contained what you wanted people to read. This is the much easier, and much much cheaper, way of achieving that aim.

EDIT: Removed the joke.

Now I want to know what the joke was.

I said "...and click an advert or two."

I'd imagine it's similar to North Korea's growing online presence: "This is the information about Syria that we want you to know."

Hacked by the SEA

I alternately get the message "Hacked by the SEA" (to my dismay I've been informed this is the Syrian Electronic Army, not the Symbionese Electronic Army...), or a redirect to http://www.boxsecured.com/high_cpu.html - a 404 error saying hi_cpu.html is not found.

NYTimes DNS has been hyjacked to redirect to SEA Blog (Syrian Electronic Army). Here I mirror the front page and some of the linked content from the English version of the page. You can see the page yourself by using FireFox or another browser besides Chrome that allows you to accept non-standard and mismatched certs. The JavaScript doesn't appear to be malicious, but I'm not an expert.

_ * Latest News *

Syrian Electronic Army Facebook Page | Number : 220 After the Facebook management shut down the page number 219 The new page link : https://www.facebook.com/SEA.Official.220 .. Read More...

Syria Tube is a page on the social network Facebook

it was created in 4/4/2011 in order to publish all the videos of what happening

in Syria and the right news about Syria

The new page link after the Facebook management closed the main page:



_ * Latest Hacks *

Time, CNN and WashingtonPost Websites Hacked

The Syrian Electronic Army hacked today into Outbrain service and take control of admin panel. The security breach affects CNN, Washington Post, Time and more high profile websites. Outbrain is a content recommendation service whose widget offers to help internet publishers incre.. Read More...

Time, CNN and WashingtonPost Websites Hacked Publish date: 2013-08-15 17:10:34 | Views number: 1559

The Syrian Electronic Army hacked today into Outbrain service and take control of admin panel. The security breach affects CNN, Washington Post, Time and more high profile websites.

Outbrain is a content recommendation service whose widget offers to help internet publishers increase web traffic at their websites. It does so by presenting them with links to articles and other content.

The admin panel of Outbrain is hosted in the local server. However, the SEA hackers managed to login into the panel with the help of VPN and access panel.

Zone-H Mirrors : http://www.zone-h.org/mirror/id/20533795


ScreenShots of the Outbrain Administration Pa

_ * Media *

Syrian state television claims that a pro-government group has hacked into two social messaging networks and seized records of local users.

Such a hack could expose Syrian rebels and other activists who depend on the networks to publicize army crackdowns on their hometowns and communicate with each other. Landlines and cell phones are believed to be tapped in Syria.

State TV says the social networking site Tango was hacked on Sunday by the Syrian Electronic Army.

The Syrian Electronic Army is a shadowy group that supports President Bashar Assad's regime.

There was no immediate comment from Tango.

Syrian media says another network -- Truecaller -- also was hacked last week.

Truecaller said in a statement posted on their website that it had been the target of a cyber-attack.

Source: Fox News

Some website's talked too about the attack:







_ * Leaks *

Office of Qatar Emir's mother forces ISP to block SEALeaks website from Google searches/Qatari DNS

Office of Emir's mother forces ISP to block SEA | Leakks website from Google searches/Qatari DNS And here is the reply of the ISP: The Syrian Electronic Army obtained the emails after it hacked into Moza mail system .. Read More... SEA Publishes Turkish Ministry of Interior Emails and Passwords

Latest Hacks | Media | Leaks | Mobile Version

From The Pictures Library ::

From The Videos Library :: SEA gave a visit to Social Flow Website/Accounts

Office of Qatar Emir's mother forces ISP to block SEALeaks website from Google searches/Qatari DNS

[image of email] http://i.imgur.com/gFJQX4W.png

Publish date: 2013-06-29 16:00:20 | Views number: 4862

Office of Emir's mother forces ISP to block SEA | Leakks website from Google searches/Qatari DNS

And here is the reply of the ISP: [image content broken]

_ * Battalions *

Vict0r Battalion | The Shadow Battalion | Th3Pr0 Battalion

http://blog.thepro.sy/ | https://www.facebook.com/SEA.Vict0r.2?_fb_noscript=1

_ * Martyrs *

Martyr Mohammed Qabbani

Martyr Mohammed Qabbani

Martyr Lorans Barakat

_ * About SEA *

The Spark of the Launch

The SEA created in 2011 when the Arab media and Western started bias in favor of terrorist groups that have killed civilians, the Syrian Arab Army and the destruction of private and public property, was the Arab media and western form a cover for the continuation of these groups, their actions through the blackout on terrorism in Syria and paste all charges Army Syrian and charged with murder and sabotage... Read More

The Mechanism | The Funding | The Vision

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact