Hack attacks, explained

Q&A with Jonathan Zittrain delves into recent cyber attacks on news media by the Syrian Electronic Army (Harvard Gazette)

By Christina Pazzanese, Harvard Gazette

After the Syrian Electronic Army disrupted The New York Times’ website for nearly a day, Harvard’s Jonathan L. Zittrain discussed how institutions will have to react in order to protect themselves. (Photo by Stephanie Mitchell, Harvard Staff Photographer.)

Computer network hackers calling themselves the Syrian Electronic Army earlier this week disrupted The New York Times’ website for nearly a day and electronic publishing on the Twitter social network for several hours. Also targeted were the Huffington Post and other media outlets.

These cyber attacks involved hijacking the companies’ domain names by altering their numeric addresses, which in turn prevented visitors from seeing the websites. They are just the most recent in a series of strikes on news organizations, including The Washington Post, The Associated Press, and the Financial Times, in the past few months.

To better understand the attacks, Harvard Gazette staff writer Christina Pazzanese asked Harvard’s Jonathan L. Zittrain to comment by email on what happened and how institutions will have to react in order to protect themselves from future disruptions. Zittrain is a professor of law at Harvard Law School and the Harvard Kennedy School, and a professor of computer science at the School of Engineering and Applied Sciences. He is also co-founder of Harvard’s Berkman Center for Internet & Society.

GAZETTE: Who is the Syrian Electronic Army?

ZITTRAIN: It appears to be a confederation of computer hackers who support the Syrian government. How much the Syrian state actively supports it is not known, which is a common problem in trying to understand groups of this sort.

GAZETTE: It doesn’t sound especially difficult to initiate a Domain Name System (DNS) attack. What’s involved?

ZITTRAIN: A distributed-denial-of-service attack is common, in part because it’s easy to hijack many of the less-than-secure PCs connected to the Internet and use them to help overwhelm a website. There are even marketplaces for buying access to such PCs, so aggressors need not themselves be hackers. Websites like The New York Times tend to be well “bunkerized” against such attacks.

But there can be other forms of disrupting access, such as reconfiguring a site’s domain name so that it points elsewhere — that’s what happened here. That could be catastrophic for a bank whose customers are used to logging in at a given name, unaware that the name is now taking them to a new site, and it can also make a real statement for those who try to visit a news site that has been diverted. It’s not supposed to be that easy to do. I imagine someone either hacked the password for the NYT’s account with its domain name registrar, compromised the registrar’s systems overall, or managed to “sweet talk” the registrar into doing a password recovery.

GAZETTE: If it is fairly simple to do, does that make it potentially more of a threat to a greater variety of institutions than a server breach?

ZITTRAIN: Both are threats. Rerouting DNS could also entail rerouting all of the company’s incoming email if it’s attached to the same domain. That could be terrible!

Read the entire interview in the Harvard Gazette
