September 16, 1998 1:45 PM PDT
N.Y. Times still suffers from hack
The good news: you can do the crossword online for free in the meantime.
The august newspaper is still picking up the pieces today from the worst hack in its site's history, which took place Sunday morning. The attack, aimed at two of the newspaper's writers, left the site strewn with nude images and a harsh protest message.
It caused the Times to pull down the site for more than nine hours--on typically one of the busiest days for newspapers and during the weekend of tremendous coverage of independent counsel Kenneth Starr's report on the White House sex scandal, online and off.
"The New York Times on the Web was unavailable for more than nine hours on Sunday, the result of an attack by hackers," reads a message posted on the site today. "Most of the site is now available, but certain areas, including the classifieds, archive, forums, and site search, remain inaccessible.
"As a service to our readers, we have temporarily made the premium content in the Diversions area, including the Crossword Puzzle, Bridge Column, and Chess Column, available free of charge."
The hack was mostly aimed at Times writer John Markoff, who coauthored a book about notorious hacker Kevin Mitnick, and Carolyn Meinel, the author of a book and other materials on hacking.
It is unusual for a mainstream site to suffer the effects of a hack for so long, noted John Vranesevich, founder of AntiOnline, a site that aims to educate the public on computer security. AntiOnline archived the hack.
"Military sites, when they're broken into, are down for a week or longer, because they have strict guidelines to follow after an intrusion takes place," he said. But Vranesevich added that news and other sites tend to get back up and running fairly quickly.
He said the delay likely resulted from one of two scenarios: either "they haven't figured out how the hackers got in yet" or "they're preserving the servers that were broken into to look for evidence."
The Times said it was working with the FBI to investigate the attack.
A group that calls itself "Hacking for Girlies" claimed responsibility for the incident, and Vranesevich said it is not the typical band of teen-agers looking for a thrill.
"Usually you can know within a few minutes who did it. These guys are not like that--they haven't bragged to anyone," he said, noting that Hacking for Girlies is apparently "not an established group" because it does not publish a list of members.
"The hacker community is buzzing with people wondering who did it," he said.
He pointed out that the group violated what he called the "standard code of ethics" that hackers are supposed to follow when members posted one of the Times writers' Social Security number. "A lot of the hacker culture would not approve of this hack," he said.
A Times spokesperson was not immediately available for comment.