For some time today, the NYTimes web site was being directed to malicious servers that were serving malware.
At the moment, nytimes.com does not resolve at all for me. The NYT is off the web.
This is a collosal screwup.
This email sent to the dns-ops mailing list provides some insight into what may have gone wrong and illustrates some of the many things wrong with our current name resolution infrastructure.
date: Tue, Aug 27, 2013 at 5:55 PM
subject: [dns-operations] Request To Clear Cache: NYTimes.com
I am a DNS Administrator at NYTimes.com. Earlier today we had issues with our registrar updating our NS records on the root servers to a malicious site. The registrar has since locked our domain with the registry on our proper Name Servers. We have had reports that the malicious site that our domain was redirected to was infecting users with malware. It would be a great service to the internet if everyone could please clear their cache for NYTimes.com. I understand that several other large websites/domains are experience the same thing. I would not be surprised if several request like this come in over the list today.
Thanks, David Porsche Systems Administrator The New York Times
Some immediate observations and questions, taking the claims in the email at face value:
Most of these questions are rhetorical, and everyone knows the rather depressing answers.
There are claims now that the problem stemmed from a malicious external attack by hackers working for the Syrian Electronic Army. They supposedly took advantage of vulnerabilities at MelbourneIT. It's funny how we have such few details on what precisely happened, yet we already know who to blame. And it's a politically convenient group.