Wednesday, August 14, 2013

Why the New York Times website went dark


CyberTruth Byron Acohido, USA TODAY 6:16 p.m. EDT August 14, 2013






SEATTLE -- Given multiple waves of denial of service attacks against U.S. banks by an Islamic group, the disabling this morning of the New York Times website had the cybersecurity community on alert.

The Times' public website became inaccessible as of around 11 a.m. Eastern time for at least an hour, longer in some parts of the nation, according to Internet reports.

A talk last month at the Black Hat conference in Las Vegas featured a proof-of-concept demonstration by WhiteHat Security chief technology officer Jeremiah Grossman showing how anyone could circulate a paid online ad in a way that would cause a targeted website to be inundated by mundane service requests triggered by the mere circulation of the ad.

But something even more mundane apparently caused the New York Times website outage: human error.

At least that's the consensus of IT pros who discuss things on puck.nether.net. One poster says "a self-inflicted wound, having to do with a software update that was rolled out to both the production and backup servers simultaneously," caused the failure.

Gunter Ollmann, chief technology officer at IOActive, says "based upon a couple of screen shots that people have posted it could have been something as simple as a misconfigured DNS server or load balancer. From the underground side, there's no discussions or perps claiming responsibility. I tend to believe that this was likely self-inflicted."

Tom Kellermann, Trend Micro's vice president of cyber security, for one, doesn't buy that explanation.

Kellermann notes that both the paper's web server and internal e-mail server were inaccessible, even after robust security measures taken in the wake of Chinese hackers targeting the New York Times and other big media outlets late last year and earlier this year.

"It's a good spin to blame this on a crappy update or bad management, but I'm leaning toward the fact that they're under attack again," says Kellermann.

Meanwhile, a blog post published on Monday by researchers at security firm FireEye adds to the intrigue. Researchers Ned Moran and Nart Villeneuve assert that the Chinese hacking collective that cracked into the New York Times' computer network late last year appears to be at it again, mounting fresh assaults with new and improved versions of malicious software.

"After all the attention paid to security to have a web server and e-mail server go down in tandem just doesn't sound right. You usually lose one or the other, and when you lose your e-mail server it's usually from something nefarious," Kellermann says. "So is it hackers from the past returning to haunt them again or new hacktivists attacking them for something they've done or reported recently?"

Darien Kindlund, FireEye's manager of threat intelligence, says he does not believe the Chinese hacking group tied to the earlier New York Times hack -- and back in action again -- caused the outage today.

"It goes against their whole motive," Kindlund says. "They're into this to steal large scale quantities of intelligence and if they were to disrupt their victims it would be clear what's going on and they'd no longer be able to steal any intelligence."

