Washington Post Hacked, a Day After New York Times

barlevg writes "A day after the New York Times was brought down by a cyber attack, the Washington Post reported being hacked, with various news stories being redirected to the website of the Syrian Electronic Army. It's been speculated that this is the work of the same hacking syndicate that compromised both news organizations last year."

More information

[barlevg]

Submitter here.

The NYT themselves claims they weren't hacked. This probably would have been a better choice for the first link than the humor column I originally chose. This non-attack-related downtime cause is elaborated on further in this article posted to zdnet (thx trb).

On the other hand, Fox Business is also citing an unnamed source in saying it was a cyber attack. On the other hand, an unnamed source in a burlap sack is worth the sack.

Re:More information

[VortexCortex]

On the other hand, [...] On the other hand.

Y-you have three hands?! You're a Martian aren't you? Oh! Was that your mom in Total Recall?

Re:More information

[dmbasso]

No, he's a juggler. Or a magician.

Re:More information

[Qzukk]

Y-you have three hands?! You're a Martian aren't you?

Clearly he's a Motie.

Re:More information

[barlevg]

As in, back to the first hand. Is there a less awkward / more correct way of wording that?

Re:More information

[OglinTatas]

you beat me to it.
The proper expression is
On the one hand [one expression]
on the other hand [other expression]
on the gripping hand [gripping expression]

It was this idiom in general usage that lead human authorities to believe that quarantine had failed.

Niven: The Mote in God's Eye
and The Gripping Hand

Re:More information

[Em+Adespoton]

As in, back to the first hand. Is there a less awkward / more correct way of wording that?

On the first hand....

Re:More information

As in, back to the first hand. Is there a less awkward / more correct way of wording that?

I'd start with not using a hand metaphor for comparisons between more than two things if you happen to be part of a species not commonly known for having more than two hands.

Re:More information

[Noughmad]

There are sequels to the Mote? Must... read...

Re:More information

Be fair: Niven & Pournelle.

Yes, they're probably Niven's aliens, but the stories are set in Pournelle's CoDominium universe.

Re:More information

[OglinTatas]

thanks. it was an oversight. Many of Niven's best books were actually collaborations, and Pournelle's collaborations were among the best of those.

Re:More information

[danlip]

So NYT is claiming they were doing scheduled maintenance during the busiest time of the day. Really? Who the f*ck is running their IT department?

Re:More information

[mcgrew]

Y-you have three hands?! You're a Martian aren't you? Oh! Was that your mom in Total Recall?

No, he's a Motie.

Re:More information

[rwise2112]

On the other hand, [...] On the other hand.

Y-you have three hands?! You're a Martian aren't you? Oh! Was that your mom in Total Recall?

He's just zis guy, you know! He's Zaphod Beeblebrox

Re:More information

[AliasMarlowe]

There are sequels to the Mote? Must... read...

Depending where in the world you buy it, the name of the sequel is different. In most of the world, it's The Moat Around Murcheson's Eye, but in the US it's The Gripping Hand.

Re:More information

As opposed to Windows from who? Home Depot?

Re:More information

if you happen to be part of a species not commonly known for having more than two hands

Well I am a code monkey, you insensitive clod. ;)

Re:More information

[HornWumpus]

Also note: There were a few chapters of 'A Mote in Gods Eye' (the initial space battle) that were removed from the book (for length). You can find that in one of the 'There Will be War' series of books. The # escapes me.

Re:More information

[motorhead]

On the other hand...
she had a wart.

Re:More information

[K.+S.+Kyosuke]

Y-you have three hands?! You're a Martian aren't you? Oh! Was that your mom in Total Recall?

He could also be Zaphod Beeblebrox. However, because three is apparently only the lower bound on his number of hands, he could easily be a Jatravartid of Viltvodle VI.

Re:More information

it's either that or they're full of shit. the ceo (or whatever) from the nytimes was conveniently on the news at the same time (about the first "hack") as the cyberterrorism "czar" or cia or somebody (don't remember). the nytimes douche is promoting a book about some related nonsense as well. that can't be called a kickback, right? they don't even bother to put them in two seperate segments of the news. i guess they were sharing a cab back to the times or something. i guess the fear of the word "terrorism" is supposed to disable the part of the viewers' brain that notices that fairly obvious slight of hand. lmao.

Re:More information

There are sequels to the Mote? Must... read...

Yes, and it (singular) was good. Googling... Nope, still just the two in the series.

Re:More information

[lightknight]

What IT department? I thought everything was Cloud-based now, and that the Cloud meant that businesses didn't need IT anymore...

What, you mean that we might still need an IT department? That we've been lied to? Well, we better run down to the basement, and put a stop to some of the more vocal employees mooning the previously ex-IT employees while they were cleaning out their desks...

Re:More information

[jmccue]

Dies that mean the Syrian Electronic Army is at the Crazy Eddie Point ?

Re:More information

[gVibe]

Remember kids...anything coming from a Fox affiliated network has been tainted. Usually an unnamed source for Fox is that voice in the head of the reporter or whatever they call themselves.

Being talked about by foxbusiness ...

... is a cyber attack in itself ;-P

Even if they call themselves that

no need to accord accolades to what amounts to hordes of s'kiddies.

New Lyrics

To paraphrase David Bowie: Hack to hacker.

Same people who made Stuxnet?

Handy timing, don't you think.
Also handy targets.

Re:Same people who made Stuxnet?

Yup, NY Times went down exactly when the US backed military junta in Egypt was opening fire on protestors...

Re: Same people who made Stuxnet?

Who made stuxnet? Turned out to be NSA, but at the time it was blamed on all manner of cyber whatnots.
Chances are cyber attacks are the 800lbs cyberattack gorilla in the room, however its being marketted.

Re: Same people who made Stuxnet?

[HiThere]

I thought it was supposed to be a collaboration between the US and Israel. Is it now believed to be just the US?

Re: Same people who made Stuxnet?

Of course Israel had nothing to do with it, what are you anti-Semitic or something? Well, are you?

WaPo vs. NYT

[OakDragon]

New York Times Web site goes down, panicked mobs stream into street demanding to know the trends

Who knows if one, or more, of these newspaper sites are hacked? I cannot tell anymore...

Re:WaPo vs. NYT

Well, the entire U.S. of A. was hacked many years ago, and they're all still trying to find out what happened. I know, but I'm not sayin who, exactly - I will give a hint. It starts with a "G" and rhymes with "shmoverment".

"Free Syrian Army"

[globaljustin]

Free Syrian Army = Illuminati/Aristocracy contractors

Probably eastern european, just by odds...but I wouldn't be surprised if it was an American company...

Hell it could be the same company that gets all the AC bots here on /.

Democracy in Syria would significantly harm some old and relied-upon revenue streams for rich white people (oil from Iran to England).

Our governments have been installing figurehead assholes in that region for centuries and Assad is no different.

These attacks are to provoke conflict in the region to overwhelm the 'Arab Spring'-type democracy movement that was happening in Syria.

The global elites don't want Syria to become like Lybia....doing these 'hacking' attacks is an easy way for them to prop-up the 'bad guys' in Syria without doing anything to provoke US/UN intervention.

By doing this stuff they keep the status quo...which is a victory for them, given that Syrians were about to take back their democracy.

Re:"Free Syrian Army"

The global elites don't want Syria to become like Lybia....doing these 'hacking' attacks is an easy way for them to prop-up the 'bad guys' in Syria without doing anything to provoke US/UN intervention.

What in Earths name are you talking about?
And who are the "good guys" in Syria. Al Qaeda in the Levant(sp)? Al Nusra? the hundreds of tiny criminal groups called battalions? The FSA? Oh, Maybe the millions of women, children and old that have been killed, raped, displaced or orphan because Iran is a "bad guy", so someone get rid of their "bad guy" ally and damn the consequences.

Re:"Free Syrian Army"

I can't believe this garbage is modded "interesting". The United States has been funneling weapons and cash to the Al-Qaeda affiliates in Syria for months if not years now. The US government wants Asad out even if it means putting Al-Qaeda "in". Get a clue bro.

Re:"Free Syrian Army"

[HornWumpus]

Not really, we just want Sunnis fighting Shea. Stalemate is the ideal outcome.

Re:"Free Syrian Army"

Not really, we just want Sunnis fighting Shea. Stalemate is the ideal outcome.

Fighting Shea Stadium, or Shea Whigham?

Re:"Free Syrian Army"

[HornWumpus]

Who are the 'good guys' in Syria? The ones selling bullets to both sides. Duh.

NYT not hacked.

[Longstaff]

Former NYT Digital, Core Infrastructure Engineer here. The outage yesterday was a problem with their load balancers caused by internal action. Stop reading the nonsense posted by Fox Business News.

Re:NYT not hacked.

[barlevg]

Yeah, sorry about that. I was basing the story off the speculation that was circulating yesterday at the time of the outage (and it wasn't just Fox Business News). It was only after I hit "submit" that I found the NYTimes blog post about it being not an attack.

Re:NYT not hacked.

[lexman098]

I was basing the story off the speculation

Well there's your problem.

Re:NYT not hacked.

[barlevg]

No argument from me.

Re:NYT not hacked.

[Sponge+Bath]

...a problem with their load balancers caused by internal actions.

Did you try modulating the shield harmonics?

Re:NYT not hacked.

[Impy+the+Impiuos+Imp]

Ahhhh, PEBCMSATVM issue.

Problem Exists Between Control Monitor Station And Twinkie Vending Machine, got it.

Re:NYT not hacked.

[Longstaff]

Fox Business were the first to "break" the story with a "source close to the matter". Everybody went off their lead. Every single technical statement in the article is incorrect and/or laughable. http://www.foxbusiness.com/technology/2013/08/14/new-york-times-site-experiences-major-outage/

Re:NYT not hacked.

Since when as the facts been a requirement for the Fox network, or anything owned by Murdoch? The news is serving a purpose for someone. To learn who is most like is to see who will gain the most from the public getting paranoid about cyber-attacks and cyber-wars? Haven't you noticed how these terms are being used more and more by "news" outlets and politicians? The Internet is going to come under serious filtering across the globe. We all laughed at China and their firewall, the UK has already implemented their own which is blocking many innocent sites and services. We'll be next. Just wait and see.

Re:NYT not hacked.

[oodaloop]

A what vending machine?

Re:NYT not hacked.

[Impy+the+Impiuos+Imp]

They must have updated it because there's nothing really bad at that link. They even mention an update.

Re:NYT not hacked.

[J053]

Yes - ignore FOX. I have the real scoop from Rush:

RUSH: Folks, you can try to get to the New York Times story on the Clinton Global Initiative on the Web. I don't think you can. It's been taken down. Well, I don't know if it's been taken down or they just ended the access to it. But don't worry, I have enough of it for certain pull quotes. Oh, the whole website's inaccessible, so maybe the Times got hacked. Okay, Times got hacked. I thought just that one story pulled down. All right. It's obviously the Clinton story, the expose of the Clinton Global Initiative that's resulted in the Times website being hacked. The story is in the UK Telegraph, by Tim Stanley. "The New York Times Takes Down the Clinton Foundation. This Could Be Devastating for Bill and Hillary," is the headline. The lead is, "Is the New York Times being guest edited by Rush Limbaugh?"

Re:NYT not hacked.

Polarity! Reversing the polarity always comes first.

Re:NYT not hacked.

It wasn't the load balancers

extra, extra! news orgs don't learn! extra!

[swschrad]

news of the day: they restored backups and didn't close the holes. special edition, 50 cents, read all about it.

maintenance updates during the day ?

[KernelMuncher]

Seriously, what competent IT shop pushes out maintenance updates during peak viewing times ? Our company schedules that work for Friday nights, just in case something unexpected happens. At the very least they should have saved the update until the late evening shift.

The NY Times doesn't sound like they are telling the entire truth.

http://www.nytimes.com/2013/08/15/business/media/new-york-times-web-site-returns-after-hours-offline.html?_r=0

Re:maintenance updates during the day ?

[Charliemopps]

Who says it was scheduled work? Sometimes things happen... certs expire, equipment fails... so you have to do work in the middle of the day. I had to log in remotely via a laptop and 4G hotspot once while I was riding in a canoe on the 4th of July to bring some stuff back up. Bad luck doesn't turn off during business hours and holidays.

Re:maintenance updates during the day ?

[KernelMuncher]

from the article in my post:

'The outage occurred within seconds of a scheduled maintenance update being pushed out'

Re:maintenance updates during the day ?

[Mouldy]

Thats not a universal philosophy. If something breaks late Friday night - who's going to be around to fix it? We only push stuff live after vigorous QA & review and we're as sure as we can be that it won't break anything. If it does break something, it's going to be something pretty obscure and we sure as hell want as many engineers around as possible to be available to help fix it or to make the call to rollback if a fix isn't forthcoming. The odds of the small team online late on friday knowing enough about the system to successfully diagnose and fix something obscure quickly are slim. That's exactly why we usually do live pushes during business hours - even if traffic would be quieter at 3am Sunday morning. Out of hours support should be for emergencies only - not for run of the mill live pushes.

Re:maintenance updates during the day ?

Depends what the update was, we do plenty during the day which don't cause any interruption in the use of the system.

Re:maintenance updates during the day ?

If you're pushing something to production then you should have a team prepared for there being a problem. You should never leave the responsibility of fixing it to the regular support staff.

Re:maintenance updates during the day ?

[wift]

Laptop in a canoe sounds dangerous and kinda wonderful in a contrasting sort of way.

Re:maintenance updates during the day ?

[Longstaff]

(former NYT Engineer) Some potentially disruptive maintenance that can be localized to a single team (say, storage maintenance) would be pushed to an overnight change window. However, emergency reachability for certain teams at NYT can problematic, so some (expected) low-impact work requiring multiple teams is done during the day. They have multiple data centers and everything is fully redundant, so updates can happen to service-drained components, be tested and then flipped once verified. Apparently that could not or did not happen here.

FTR, the entire Digital Core Infrastructure team (responsible for Storage, Virtual Infrastructure, OS Mgmt, App Support and some networking) resigned approximately 3 months ago.

Re:maintenance updates during the day ?

[Mouldy]

That's exactly my point. Pushing live during business hours instead of late Friday night means more people are to hand to fix any issues

Re:maintenance updates during the day ?

[KernelMuncher]

We test in QA during the week and then release on Fridays. The full team has to be on the status call Friday night and/or Saturday morning, whenever the testing on production has been completed. If it's broken or it needs a roll-back, we all start working on it.

My company having good remote work capabilities is a great plus but it still means don't schedule anything socially that weekend which can't be postponed.

Re:maintenance updates during the day ?

[KernelMuncher]

Did the team go en masse to some new job like a hedge fund ? Or was this simply an expression of complete frustration ?

Re:maintenance updates during the day ?

[Longstaff]

We left for separate opportunities; all within 6 weeks of each other. 100% related to management interference / incompetence.

Re:maintenance updates during the day ?

And what exactly are the Peak Viewing Times for an international publication like the NYT?

You don't have any clue, do you? I'll give you a hint... it's not 11am-2pm EST on a Tuesday.

Re:maintenance updates during the day ?

[jon3k]

Oh boy. Well, when you have a couple hundred (or thousand) hosts, you can't really fit it into any particular window. These websites are also read 24 hours a day by people all over our planet, so there isn't really a "good time".

GitHub

More importantly, GitHub is under DDoS. Guess I can't work today, oh noes :p

Re:GitHub

[barlevg]

It's working fine for me (oddly, downforeveryoneorjustme agrees with you...)

Re:GitHub

It's been up and down. I'm on it right now again.

Re:GitHub

[HiThere]

O. Given the nature of git I had assumed the parent was a joke. (i.e., since you have a complete tree, the repository being down shouldn't keep you from working.)

We're making progress

Now we have intelligence reports telling that the Syrians and the Chinese are in fact the same terrorists.

At least i hope the APT fairies aren't involved this time.

Jeff Bezos

[jonyen]

Hopefully Jeff Bezos is going to do something about this, now that he owns the Washington Post (sounds like really old news already). But it's not coming off to a good start, that's for sure.

Outbrain Hacked -- Leads to defacement on WP,CNN

[ItsPaPPy]

The SEA hacked Outbrain, which is a content provider. CNN, WP, NY Times, all use this companies software to recommend stories to readers.

http://thehackernews.com/2013/08/Outbrain-hacked-Syrian-Electronic-Army.html

http://techblog.outbrain.com/2013/08/update-outbrain-security-breach/

Slashdot reported it so it must be true

[atom1c]

Obviously there is continued FUD propagated on Slashdot in order for this story to be posted with one slant versus the other.

If Slashdot's moderator is right (and contrary to the tipster) then Slashdot actually has knowledge and somehow participated in the hacking attempts in order to even paint the news event in a particular light. If Slashdot is NOT involved (but still moderates contrary to the tipster) then Slashdot's editors are promulgating fear and doubt into the minds of its readers.

Either way, this story should be revised as to reflect the ACTUAL events which transpired (i.e. NYT experiences downtime the same day as MSFT services... and, the next day, some other company, WashPo, experiences their own downtime.. although the WashPo's downtime may have been due to hackers... in a manner unrelated to how NYT and MSFT experienced downtime, but in a manner in line with how GitHub is experiencing downtime).

I forget

[fustakrakich]

Is the Syrian Electronic Army the 'good' guys or the 'bad' guys? Are they getting money, or are they getting droned? Or maybe both?

Re:I forget

Is the Syrian Electronic Army the 'good' guys or the 'bad' guys? Are they getting money, or are they getting droned? Or maybe both?

While i consider every hacker a "bad guy"...
The "Syrian Electronic Army" are against the Islamic Sunni terrorists that genoside and ethnic cleanse the Shia Muslim minority and the rest secular Syrian Muslims, the Kurds and the Christians (the slogan "Shia to the grave, Christians to Beirut" says a lot) - in other words are pro (the non democratic but SECULAR and protector of religius and ethinc minorities) Assad.
By the way, i am a Greek (many Greeks live in Syria and slaughtered from those Islamists, and many non Greeks from Syria are in Greece trying to save themselves from the -Islamic- "Free Syrian Army"... the one that likes to cut heads in those videos the western media does not like to show so much) so i consider the Syrian Electronic Army "good guys"... i guess others may disagree!

Re:I forget

[barlevg]

They're pro-Assad, so it depends on whether you consider Assad to have committed unforgivable atrocities or whether you consider him the legitimate president of Syria.

Re:I forget

Funny how Assad's "unforgivable atrocities" weren't even as bad as the atrocities committed RIGHT NOW by the current Egyptian military junta but unlike Assad they support Israel so it's all good right?

Re:I forget

You don't know much about Assad, do you....

Re:I forget

[citation needed]

Re:I forget

[fustakrakich]

I'm not sure I understand. Am I supposed to take sides between two evil bastards, or what? Sounds like a coin toss to me. I think I'll ask my bookie before I place any bets...

Re:I forget

[barlevg]

It's a similar problem to what happened in Egypt during the first revolution. On the one hand, you have a dictatorial despot (Mubarak, Assad). On the other, you have pro-democracy revolutionaries who may not be friendly to Western interests (Egypt democratically elected Morsi of the Muslim Brotherhood). So when deciding who to "root for" you have to ask yourself: do you believe in democracy above all else, or are you more interested in seeing a pro-West government in power? It's a tricky question, and it's why the US has (weakly) condemned Morsi's overthrow and the violence against his supporters while stopping short of calling the action a coup d'etat. Still, it's better than the old US policy of

They've got to be protected
All their rights respected
Until someone we like can be elected.

Sobasically what happened is

[mandark1967]

A hacker hacked a rag and hacks reported the hacker hacking the rag and hackers hacked another rag and more hacks wrote about hackers hacking the other rag.

Hackers

Children. When these guys start dropping drones in their tracks and smoking NSA computers, they will get my interest.

Time to work on some security?

This isn't intending to blame the victim, but if they were hit by hack attacks previously, shouldn't both these papers actually learn a lesson, stop listening to the PHB chanting, "security has no ROI... security has no ROI..." and actually start locking things down?

This isn't hard. Cisco has good security tools, and an ASA appliance or two wisely installed/configured will isolate things. MS has top tier security tools for the enterprise that are usually "free" (er... businesses pay for them anyway.) RedHat, IBM, and Oracle also have good security tools. Why not use them?

i prefer

http://www.allthingsnow.com anyways

how is this obvious?

[globaljustin]

The US government wants Asad out even if it means putting Al-Qaeda "in".

so....let me get this straight...you claim that...

The US is trying to oust Assad.

Ok I can agree with that...

The US doesn't care or is actively encouraging 'Al-Queda' to become the new 'leader'?

It really makes no sense. "The US" is Obama's foreign policy...what our government does. You cannot provide one shred of evidence, logically or by links to quotations, that "the US wants Al Qaeda in"

Take any policy of the Obama State dept towards the Arab spring. In all cases 'the US' supported the side demanding democracy (to the point it could publicly, without discrediting the rebels as having foreign funding)...

You need to read up on the Arab Spring. While your at it, refresh yourself on Iranian history from pre-WWI to present. Note when Iran released the US hostages in 1980.

wtf "we"

[globaljustin]

we just want Sunnis fighting Shea

heh...that reminds me of the money drop scene in The Big Lebowski...

seriously, what the fsk do you mean "we"..."we" as in the United States?

Americans want the world to be free.

Now, American **companies**

That's different...and in our global economy, national distinctions and becoming less salient.

Unscruplous American companies want shia and sunni to fight indefinitely...'divide and conquer' is a strategy in colonialism and marketing.

American **people** are different from companies that are based in the country.

pro-democracy = 'the good guys'

[globaljustin]

the good guys in Syria are, obviously, the groups trying to enact democratic reforms in the Syrian government

by your logic, all someone has to do to discredit any democracy revolution is get one Agent Provaceteur to pose as an 'Al-Qaeda operative' and pretend to be on teh side of the rebels, then blog about it and have some of your tech's put his stuff on a known 'Al-Qaeda' website

just because some random group says they oppose Assad and are 'Al-Qaeda' doesn't prove me wrong or you right one bit.

it's obvious that the many pro-DEMOCRACY rebels in Syria are the 'good guys'

Heh

[ThatsNotPudding]

Seriously, what competent IT shop pushes out maintenance updates during peak viewing times ? Our company schedules that work for Friday nights, just in case something unexpected happens.

Just like FedGov with bad news.

i'm an idiot

[globaljustin]

Original post should read: "Syrian Electronic Army"

also: Syrian Electronic Army = Illuminati/Aristocracy contractors...

i deserved my downmods b/c my post was confusing as hell...no wonder the responses made no sense