Security Watch

Keeping Track of patches and hacks in the IT security world.

Was 'The New York Times' Hacked?

The site was offline from 11:10 a.m. to 1:15 p.m. ET on Wed., Aug. 14, sparking speculation about the possible cause and its nefarious implications.


On the morning of Wednesday, Aug. 14, my Twitter feed was overflowing with people noting that the venerable Gray Lady, The New York Times, was offline. Within minutes, the rampant speculation was that The Times had been hacked, which in my initial opinion, wasn't all that far-fetched. After all, The Times itself admitted in January, that it had been the target of Chinese hackers for at least four months.

Speculation and reality, however, can often be two very different things, which is something that Wednesday's outage helps demonstrate.

There are many different kinds of Web attacks today. The one that The New York Times admitted to in January was an infiltration by attackers going after usernames and passwords for email accounts. That type of attack is about information gathering and isn't about taking a site offline.

There are also distributed denial-of-service (DDoS) attacks, where hundreds of millions of data packets slam into a service in order to render it inaccessible. In my experience in a DDoS attack, Web browsers simply time out and no response comes back from the given site.

On Wednesday morning, during The Times' outage, the site did respond, but only with a :' Http 1.1 Service Unavailable' message. Technically speaking, that was likely what the Internet standards body Internet Engineering Task Force (IETF) would typically note as a "503 error."

The actual specification notes that a 503 error means that "the server is currently unable to handle the request due to a temporary overloading or maintenance of the server."

So, maybe a DDoS attack, but then again, it could have just been a misconfiguration issue, which is what The New York Times itself claimed throughout the outage.

“The outage occurred within seconds of a scheduled maintenance update being pushed out, and we believe that was the cause,” said Eileen Murphy, a spokeswoman for The New York Times Company.

What is interesting to note for me is that despite the fact that The Times said the issue was a technical glitch, at least one major news outlet reported that its sources said it was an attack. Fox News reported that it has a source that said the outage was in fact an attack and not an internal issue.

Given that we know that the site runs on Amazon Web Services (and I know full well how easy it is to mess up a Domain Name System (DNS) or server configuration on Amazon), the notion that an "internal" (likely cloud) issue is at fault is not that unlikely in my opinion.

At roughly the same time that the site was offline (and the Twitterverse was going nuts about it), all sites under the .gov Top Level Domain were also inaccessible. Surprisingly I didn't see any speculation in my Twitter feed about that being an attack—and, in fact, it wasn't. With .gov, there was a DNS security configuration-related issue.

In contrast with the outage, The Washington Post admitted it was hacked on Aug. 16. In an Editor's Note, The Post said that "readers on certain stories [are] being redirected to the site of the Syrian Electronic Army." Now that's a real hack. The paper admitted the attack, and the motivation is to gain attention for a specific cause. That was not the case (so far as we know right now) at

Sites and even entire Top Level Domains can (and do) go offline for reasons other than cyber-attacks. While I enjoy speculating as much as the next person about things we don't really know about, I strongly suspect that in the outage, "All the News That's Fit to Print" is already out there.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.