nytimes.com

From: Dave Brockman 
------------------------------------------------------

Is anyone else following the DNS hijackings of nytimes.com?

Regards,

dtb

===============================================================
From: Erik Hanson
------------------------------------------------------
whois returning funny results.

Admin Name........... SEA SEA
Admin Address........ SEA
Admin Address........ 620 8th Avenue
Admin Address........
Admin Address. Syria
Admin Address........ 10018
Admin Address........ SY
Admin Address........ SYRIAN ARAB REPUBLIC
Admin Email.......... sea@sea.sy
Admin Phone.......... +1.2125561234
Admin Fax............

Looks like the Syrian Electronic Army.
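Added example (not part of the original thread and not any poster's code): a small parser for the dotted "Key.... value" WHOIS layout quoted above. It collects repeated keys such as Admin Address and reports contact fields that differ from a recorded baseline. The baseline values are constructed placeholders, not the domain's real registration data.

```python
import re
from collections import defaultdict

# Admin contact block exactly as quoted in the message above.
OBSERVED = """\
Admin Name........... SEA SEA
Admin Address........ SEA
Admin Address........ 620 8th Avenue
Admin Address........
Admin Address. Syria
Admin Address........ 10018
Admin Address........ SY
Admin Address........ SYRIAN ARAB REPUBLIC
Admin Email.......... sea@sea.sy
Admin Phone.......... +1.2125561234
Admin Fax............
"""

# Constructed baseline: placeholder values, not the domain's real registration data.
BASELINE = {
    "Admin Name": ["Example Hostmaster"],
    "Admin Email": ["hostmaster@example.com"],
    "Admin Phone": ["+1.2125561234"],
}

# Key, a run of one or more dots, then an optional value.
LINE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.+[ \t]*(.*)$")

def parse_whois(text):
    """Return {key: [values]}; repeated keys accumulate, empty values are dropped."""
    fields = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(2).strip():
            fields[m.group(1).strip()].append(m.group(2).strip())
    return dict(fields)

def drift(observed, baseline):
    """List (key, expected, seen) for every baseline field whose values changed."""
    findings = []
    for key in sorted(baseline):
        seen = observed.get(key, [])
        if [v.lower() for v in seen] != [v.lower() for v in baseline[key]]:
            findings.append((key, baseline[key], seen))
    return findings

if __name__ == "__main__":
    for key, expected, seen in drift(parse_whois(OBSERVED), BASELINE):
        print(f"CHANGED {key}: expected {expected}, saw {seen}")
```

The phone number in the quoted record matches the placeholder baseline, so only the name and e-mail are reported; a check keyed to a single contact field can miss a change like this one.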

===============================================================
From: Dave Brockman
------------------------------------------------------
Yeah, the last time the site loaded it had a big "Hacked by SEA"
Graphic on it. DNS, Nameservers, and now apparently WHOIS have changed
several times this afternoon. Quite entertaining....

Regards,

dtb

===============================================================
From: Dave Brockman
------------------------------------------------------
Oh! And Twitter got hit among others.... nice! NYT is trying to
regain control, but their glue records are missing at the moment.
Fun, fun!

Regards,

dtb

===============================================================
From: Jon Stanford
------------------------------------------------------
Hahahahhahahhaahha

I'm loving watching this go down. Too funny

Dave Brockman wrote:

===============================================================
From: Chad Smith
------------------------------------------------------
You can still get to the NYT if you really want to. Just use their IP
address (they are still updating content. In fact, one of the top
headlines is about their site getting hacked.)

http://170.149.168.130

To navigate, you have to replace the nytimes.com part of every link
with the IP

The link to the story about the website being down (on the website that
is down) is
http://170.149.168.130/2013/08/28/business/media/hacking-attack-is-suspected-on-times-web-site.html

*- Chad W. Smith*

===============================================================
From: Rod
------------------------------------------------------
I get a 404.

With the Amazon hit plus Google before that, could someone be flexing
their muscle?

On Tue, 27 Aug 2013 18:32:07 -0400, Jon Stanford wrote:

===============================================================
From: David White
------------------------------------------------------
I've been following Brian Krebs' comments and on-going analysis over
Twitter this afternoon.

Sounds like a Registrar may have been compromised, but he hasn't
commented since asking that question / making that hypothesis.

===============================================================
From: David White
------------------------------------------------------
... and Facebook before that, and Microsoft before that.

And did you guys hear about the Amazon datacenter outage due to a
"network device malfunction" over the weekend? (Didn't take down
Amazon.com, but took down Instagram, Vimeo, and a number of other sites
temporarily)

===============================================================
From: Rod
------------------------------------------------------
That's what one article stated: the DNS registrar was compromised.
HuffPo UK got hit too.

===============================================================
From: Dave Brockman
------------------------------------------------------
Yeah, several domains involved!

What? Amazon! Yet Another AWS Outage!?! Say it isn't so! I recommend
my competitors use AWS, and will continue to do so....

Regards,

dtb

===============================================================
From: David White
------------------------------------------------------
I must say, this is a funny tweet and reaction to nytimes being down:
https://twitter.com/nycjim/status/372485217811832832/photo/1

"Not only did @WSJ drop paywall after @nytimes was hacked, it bought
promoted Tweet. http://bit.ly/182Dc4S pic.twitter.com/VkBiJyp9Os"