Who's Behind the N.Y. Times Outage?

Aug. 27 (Bloomberg) -- Cabasa Co-Founder Chris Weber discusses the New York Times' Internet registration being hacked and the discovery of malware on the pages of Facebook users. He speaks with Emily Chang on Bloomberg Television's "Bloomberg West." (Source: Bloomberg)

I want to bring in Chris Weber from Seattle, Washington.

He is a managing partner of a cyber security firm that helps companies.

The first time this happened a couple of weeks ago, they said it was due to server problems.

This time they say it was due to an external attack.

It sounds like it was an attack on the domain name system, where somebody was able to hijack the New York Times.com registration and have it reroute traffic to a malicious site.

If somebody could convince the post office to route all mail that is supposed to go to your house somewhere else.

They could intercept that mail and choose to read it and send it back to you or not send it to you.

It does not seem like anyone has taken responsibility for this yet, but initial signs are pointing to the Syrian Electronic Army.

This is a politically motivated group.

They will make a statement.

Several of their attacks have targeted the media.

As far as who they are or what they do, we are not certain.

We do not have identities of individuals.

All we have are these communications they provide through the media through outlets like Twitter.

When something like this happens, what is involved in getting the site back online and how long does that take?

With this particular attack where they were able to hijack the DNS registration, it is a little troubling because it means all traffic would be routed somewhere else and not to where it was intended to be routed.

The New York Times would respond by starting an investigation internally and contacting the DNS registrar to correct the issue.

The registrar has identification, so they are able to trust that this is the New York Times communicating with them and correct the record that was maliciously altered.

It has been about three hours.

It seems like sort of a long time.

Why is it taking so long?

It is a great question.

The way the domain name system works is you have the root servers and you have primary name servers and they propagate out across the internet to other DNS servers the information they have.

When you make a change to the DNS, it slowly propagates across the internet.

Apparently, somebody -- maybe the Syrian Electronic Army -- made the change.

That is going to take a little bit of time to propagate across the internet.

I want to talk to you about another story we have been looking at, a piece of malware that is spreading via Facebook and video links.

We heard earlier that this was -- this was spreading at about 40,000 attacks per hour.

What can you tell us about this particular piece of malware?

That is a pretty interesting piece of malware.

A lot of malware attacks are targeting the end users, that is, you and me, through our web browsers.

Back in the early days, a lot of these viruses propagated through e-mail because e-mail was the major delivery mechanism.

These days, social network sites are.

What happened in the past, I would send you a piece of malware through your e-mail.

You would open that.

It is just another name for malicious software.

My malware would go through your address book and attempt to e-mail everybody else in your address book and infect them as well.

That is similar to what happened with this malware, except it was a browser plug-in.

People were tricked into installing a browser plug-in.

It has full access, more or less, to everything happening inside your web browser.

Facebook has said, we have developed a number of automated systems to identify harmful links and stop them from spreading.

We started blocking people from clicking through them.

We have since to remove them from the site.

What more can Facebook do to prevent things like this from happening?

Funny story, when I heard about this malware, I went to post about it on my Facebook page.

Because I posted the malicious URL, they detected part of it, they locked my account and required me to install their security browser to correct the problem.

As far as what more Facebook can do, I think they are doing quite a lot.

They have a lot of intelligence in their platform to detect attacks that are unknown and to react to attacks once they are known.

This is an example of an attack they are now reacting to buy

This text has been automatically generated. It may not be 100% accurate.
