US is about to bomb Syrian military assets so this is Iran's response. The SEA is clearly Iranian. Email them something in Farsi or PM one of their propaganda accounts on youtube they usually answer.
Last time I checked ns1.syrianelectronicarmy.com was hosted out of Russia and includes "qatar-leaks.com" which seems to have disappeared.
Why Iran? Surely Russia is a bigger suspect, but right now, my biggest suspect would be the NSA/CIA, the timing of the Syrian escalation is just too perfect.
In the Middle East Iran* probably has the greatest geopolitical reach of any country within the region. Through Hezbollah they have an enormous impact on Syria, Lebanon, the Palestinian territories and even Israel. If the al-Assad regime falls Iran has the most to lose as suddenly it would become far more difficult, logistically and otherwise, to provide support to its groups in the Levant.
This explains why Iran is threatening action if the US bombs Syria, for example.
The Putin regime has certainly shown itself capable of significant international "hijinx" (such as assassination, vote rigging, etc.) but overall this doesn't fit their MO.
(*: note that when I say "Iran" here I am talking about the current Iranian regime, very much not the Iranian people.)
Dusting off my tin foil hat, I would go with Israel in collusion with the NSA/CIA. They have the most to gain by turning the media against Syria and the technical capabilities as proven with their involvement in Stuxnet.
http://en.wikipedia.org/wiki/Stuxnet
You think that Israel wants a war with Syria? Syria could easily turn those chemical weapons across its border. I think Israel is probably one of the big factors causing US restraint right now.
But my tin-foil hat hasn't been working very well lately so the government radio signals may be blocking me from seeing something.
Things are enough of a powder keg economically for this sort of thing to get out of hand in a big way.
China and America are co-dependent but at cyber-cold-war. Russia just recently gave the middle-finger to the U.S. with Snowden and we refused to meet with each other. The two primary powers that emerged after the last world war are no longer at the top so there is an open gap for who's next: the U.S. who no one wanted to mess with is overstretched, underfunded, and there is no better president to have at the helm if you want a war with the U.S. than one who has not achieved much militarily other than social reform and withdrawal, is on the edge of economic shambles due to decades of overspending much more than the stock market and media would lead you to believe, and whose party's voting constituents aren't in favor of a war, and Russia, who turned into a mafia-run state with former KGB at the helm that are unable to elicit much nationalism, much less the military power it used to be, doing the equivalent of selling its military assets on eBay for years.
Mass executions from chemical attack or otherwise are not the reason we are getting involved. This is a power struggle. Some big players (Clinton comes to mind) in the U.S. Democratic party are set on cleaning up the Iran/Syria/Lebanon area, and Republicans are always up for a war. But, I'm afraid they will get more than they bargained for.
Why is Russia a bigger suspect? A study of foreign policy and defence would appear to suggest that Iran perceives that it is under threat of invasion from America.
If I seriously believed I was under actual threat of invasion from the US, I am not sure I would piss away my resources getting monkeys to deface a brochure.
Why do you suspect this is sanctioned by Russia? What would they have to gain from pestering a couple media companies, especially at the risk of losing their business? What is your logic here?
"We are protecting you from the hacker-terrorists"
Is this not obvious to everyone else as it is to me? People, think about what is happening here and the timing of it all.
This is a false flag operation to turn the public opinion against "hackers" so these crazy internet regulations bills can start passing and so that they can get away with spying scandal.
If these "hackers" taking down social media sites and NYT times were actually the Syrian government, they'd be going after US government targets in an effort to undermine the bombing that's about to begin.
Their regime is about to get bombed. Taking down twitter is low on their priority list. But it's quite good timing for a propaganda campaign against "hackers" and now allows the US government to label hackers as terrorists. Scary stuff.
> Is this not obvious to everyone else as it is to me?
Another possibility is that your opinion is wrong.
> If these "hackers" taking down social media sites and NYT times were actually the Syrian government
The thing is, nobody thinks the SEA is part of the Syrian government, any more than the Irish Republican Army was part of the Irish government. It's just a name the group have adopted to show their affiliation and make themselves feel badass.
I don't get your comment?... prominent members from various versions of the IRA are and have been members of Irish governments, see Gerry Adams/Martin McGuinness (Or even Michael Collins if you're talking way back).
Whenever said members/affiliates are former leaders we're really just splitting hairs. I get your point though, I mistook what he had said as there is no link at all between them. Instead he is saying 'The Irish government never commanded the IRA' which I'd largely agree with.
> Their regime is about to get bombed. Taking down twitter is low on their priority list. But it's quite good timing for a propaganda campaign against "hackers" and now allows the US government to label hackers as terrorists. Scary stuff.
Yes, because the bombing of the regime means that every single person supporting the Syrians is automatically going to focus all their efforts on one single task. It is not like there can be people with different perspectives on how to solve a "problem" with the same common goal. /s
Have we heard any government officials calling for any drastic attack on your civil liberties yet?
If you think people can't make the difference between the SEA and people who browse reddit and privacy activists, then you're setting the bar pretty low for the intelligence of the population. Especially considering people are getting more and more informed.
I disagree with the conspiracy idea, but from what I've seen the bar should be pretty low for the intelligence of the population (at least in this area). Most of the people I know ignore pretty much everything that has been going on with Snowden and as for the SEA, they would probably think it was part of the Syrian government.
> This is a false flag operation to turn the public opinion against "hackers" so these crazy internet regulations bills can start passing and so that they can get away with spying scandal.
You can't know for sure it is a false flag operation, but you can't easily rule it out either.
Except unlike gods, we are quite sure that false flag incidents can happen. Nobody doubts that. The very concept isn't what is questioned, only particular incidents.
I wasn't questioning the concept though, especially as the Nazis used it to kick off WWII in Europe.
But on the other hand, we at least had proof of the false flag attack by Germany. In this case we have, to this point, faith and educated guesses, but it's faith nonetheless.
NYTimes and Twitter are lame targets? In the US, at least, you don't get a much higher profile non-government target than the NY Times. I mean, if this were a false flag operation -- and I'm not convinced it is -- then the three-letter guys wouldn't very likely choose to target themselves, or other government, would they? They would portray them as being inept at defending themselves.
The target was one registrar and the disruption wasn't anything that's going to be talked about tomorrow morning. Fairly lame for a sophisticated false flag operation.
No, the attack target was almost certainly sites like the NY Times and Twitter. The attack vector was the domain registrar you refer to. It seems very unlikely that the target was Melbourne IT per se. You see how many of us hadn't even heard of them -- hardly a high-impact target.
See this is why it's a great conspiracy theory. Parts of the attack that are well executed are used as proof that the powerful US Gov't is behind it. Parts that are poorly executed are obviously put there on purpose and thus also proof that the powerful US Gov't is behind it.
As someone in the comments of the article asked (no response yet), I'm curious myself...
> "twimg.com is a domain used by Twitter which is a widget company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Does that not mean that SEA will be intercepting this data?"
Couldn't they do this with any of the sites that they modify? That's what I am sort of wondering about, sure you could redirect the homepage to something dumb, and make it really obvious that the site has been attacked. But, it seems like they could have similarly done a man-in-the-middle and sucked up tons of data silently, without throwing up any big red flags.
Ok, firstly whois Microsoft.com just returns all URLs with Microsoft.com in them, even as a subdomain, so they haven't been hacked and that result has been there for ages. Same goes for Verisign etc.
TechCrunch is reporting that registrar MelbourneIT has been hacked. This wouldn't surprise me but I'm puzzled as to why either site would register with such a bad registrar.
> but I'm puzzled as to why either site would register with such a bad registrar.
Melbourne IT acquired part of Verisign a few years ago, their Enterprise "Digital Brand Management Services". I assume these big companies are either existing customers, or just new customers using that particular part of the service.
Yeah, you're right that was probably a bit harsh given that I'm just running from what I've heard from others, and the fact that last year they were still charging $150 for registration. But who am I to know - I don't want to be one of those token HN trolls who pays out on people for the sake of it so I retract my initial comment.
When we used to have MelbourneIT they sent us an email with our login password in it in a promotional email. When I inquired how they could possibly be properly securing my account if they were storing my password in some recoverable fashion, I got a form letter back stating they followed all the industry security practices. Needless to say I started the transfer of all our domains that same day.
Their exact response:
"Our systems follow strict security measures and only enables us to send the password out to the main email contact in case of password recovery being requested. So rest assured your account password is safely stored with us. "
I ask because I find it harder to believe that they are responsible for this. Just like I don't trust the YouTube videos either. I would find it more likely that three letter agencies are involved as PR.
Fortunately it's really hard to make a Twitter account, what with all the passport checks and ID verification that goes on there. Only real, verified SEA members would be able to create such an account. And only when directly logging in from a verified Syrian government IP.
Go check the account [1] for yourself, if it's fake it's a long-planted fake strung along with other tweets dating back to August 15th and earlier and describing other known SEA hacks.
If it's not legit it would have to be because they let their own Twitter account get hacked at the same time Twitter was being hacked... which seems very noncompliant with Occam.
A month old? Dude, I'm not standing on either side of this particular fence, it seems perfectly sensible to me to think that either side might be doing it.
Having said that, what on earth is it about that account that makes you think it has any kind of authority?
To be frank, I just couldn't care less who it was. This action is utterly irrelevant to anything that is happening in the real world.
While they may have fixed twimg.com on the DNS level, changes are still taking forever to propagate back out. Right now I'm still getting no data from it.
To add to the matter, SEA is certainly aware of this:
"So, do we host http://twimg.com with Javascript code so all Twitter users will be redirect to our website? #SEA"
The twitter frontpage is completely broken for me. Static assets like css and javascript are served by twimg.com, which are now missing. If SEA has access to a server which can take the load of twimg.com, they can inject their Javascript and possible exploits to ALL twitter users...
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
VERISIGN.COM.MIGHT.SUCK.FYRAE.COM
VERISIGN.COM
I get really crazy responses like this for almost every major site I try (cnn.com, yahoo.com, google.com).
I never use CA's so didn't notice this, I only use the twitter app which Moxie Marlinspike and Charlie Miller hardened with pinned certs to avoid all authorities
$ whois facebook.com
Whois Server Version 2.0
Server Name: FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
IP Address: 69.41.185.229
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
So not sure what to say, but this is the email I received from DynEct the other day:
subject: Webinar Wednesday: Are You Prepared For DNS Disaster?
sender: Dyn hello@dyn.com via dynect-mailer.net
and some info from my old whois:
$ whois twitter.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: TWITTER.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
IP Address: 209.126.190.71
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Domain Name: TWITTER.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: NS1.P34.DYNECT.NET
Name Server: NS2.P34.DYNECT.NET
Name Server: NS3.P34.DYNECT.NET
Name Server: NS4.P34.DYNECT.NET
You'd have to have the ability to change DNS records for their domains. If you can point "whatever.com" to a NS that you control, it's game over until they take it back.
Seems to me that melbourneit.com was the cause of these problems - that is the related link between all these different problems - basically poisoning the DNS of any popular company that uses them.
SEA has a history of doing much more than attempting to offset perceived propaganda[1]. Within that site are dozens of gigabytes of logs from Bluecoat[2] proxy hardware that sat in datacenters for Syrian ISPs.
A good amount of what is contained in the logs is things like porn searches, more porn, porn. But amongst the typical naughty bits things like religious queries for Christians, Catholics, Jews, Muslims were being recorded.
Telecomix[3] helped to leak the log-set, and as it stands it is _the_ example of how state entities monitor peoples of 'interest.' Many of these people are long since dead, killed early on as they were the most public[4].
So while the SEA's most public facing events are hijacks, phishing, and massive redirects, please do focus on the end result of pervasive surveillance[5].
Sorry to be cynical and bring politics into this, but I hope that U.S. liberals respond the way they did to Bush to Obama with this strike.
Comedians, the media, etc. accused Bush of an unjust war for someone that used a chemical attack on his own people because there were no found WMD's even though there was evidence of a chemical attack.
Now we are going in again to try to save things. Will Obama come out as a hero? Probably. Should he? Well if he should, Bush needs to get some slack finally.
Don't get me wrong- I think we should do something. But when I hear we are going to do another 3 day bombing run, it's just like Iraq all over again, except this time it's who the Democrats want to bomb. Isn't there an answer that doesn't involve bombing? What are we, Germany in WWII?
The currently debated reaction to Syria's chemical weapons attack is a limited response intended to punish the Assad regime, to attempt to reduce its ability to launch more such attacks in the future and to provide it with a disincentive to do so.
It would not be an attempt to topple the regime or to take over Syria for American interests.
Further, the use of chemical weapons in the Iran-Iraq war as a pretext for invading Iraq in 2004 is, as we all know, extremely disingenuous, given that these attacks happened more than a decade prior – and with the support of the U.S. at the time:
I think the core problem is that military adventurism in this region shouldn't be predicated solely on, say, chemical weapons. Realistically chemical weapons don't tip the balance scales very much in the realm of America's narrow/selfish geopolitical interests, in the interests of humaneness, or in the more broad interests of attempting to do whatever is best for the people of the region on a long-term basis (specifically in regards to peaceful co-existence and consensual governance).
We've attempted low touch "tomahawk diplomacy" before. We bombed Saddam's Iraq for their intransigence and aggression in the late '90s, we bombed Afghanistan and the Sudan in 1998 in retaliation for the bombings of our embassies, and so on. For the most part such things are utter wastes of effort.
Retaliatory strikes are almost always bullshit. "Proportionate response" is just a fancy word for retaliation or revenge. Low touch warfare is almost always a mistake (see also: drone campaigns). We need to have clear geopolitical objectives, we need to be even clearer how we plan to achieve those objectives, and we need to follow through with as much effort (in whatever form) as is required to achieve those objectives. Anything else is like some sort of macabre lottery. Attempting to see if killing a few people will magically result in a desired outcome even though the chances are low.
Granted, one should be under no illusions, there are some very serious "bad guys" in the region, and in Syria specifically. Bad guys who few people on Earth should object to being killed. However, the situation is also much more complex than that and it's never the case that military action only kills or injures the exact people you want and no one else. There is a 3 (ish) side sectarian war in progress in Syria which has now spread to Lebanon. Taking out the al-Assad regime could perhaps be a good thing but it won't bring an end to the sectarian war. Whether or not chemical weapons are used as long as that war continues tens of thousands of people are going to be killed each year it goes on, if not more. I don't think the Obama administration has a very strong understanding of the complex dynamics on the ground in Syria nor do they have a firm plan on how to end the war there. Moreover, I think the lessons the administration has taken from what happened in Libya (even taking into account the later attack on the US embassy) are likely to lead them to believe that the situation is far less complex than it actually is.
Don't be silly. You're simply getting everything that starts with microsoft.com.
So for the first microsoft example that's itrebal.com, they can issue subdomains as many as they want or publish records for subdomains which in turn will cause the whois commands to cough up that information. It assumes that you are searching for some info and helpfully includes everything that it thinks might be applicable.
This trick will give you results for almost any well known domain name and is not indicative of a hack, merely of a slight shortcoming in the way whois records are displayed / queried, the default is a non-exact match.
I'm pretty sure that's unrelated and not a problem. Look at those domain names carefully -- they're not actually at google or microsoft. It's just people exploiting how the wildcard search feature works.
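As an added example (not part of the original thread), this Python sketch parses the registry whois output quoted above, separates the look-alike "Server Name" host records from the exact "Domain Name" record, and flags name servers outside an expected baseline. The function names, the `dynect.net` baseline and the replaced name server in the tampered sample are assumptions made for illustration.

```python
import re

# Registry whois output for twitter.com, as quoted in the thread above.
SAMPLE = """\
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Server Name: TWITTER.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
IP Address: 209.126.190.71
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Domain Name: TWITTER.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: NS1.P34.DYNECT.NET
Name Server: NS2.P34.DYNECT.NET
Name Server: NS3.P34.DYNECT.NET
Name Server: NS4.P34.DYNECT.NET
"""

# Constructed sample: one delegation swapped for a placeholder host.
TAMPERED = SAMPLE.replace("NS1.P34.DYNECT.NET", "NS1.ATTACKER-CONTROLLED.EXAMPLE")

FIELD = re.compile(r"^\s*([A-Za-z ]+):\s*(.+?)\s*$")


def parse_records(text):
    """Split whois output into records, each opened by a Server/Domain Name line."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner text and blank lines carry no fields
        key, value = m.group(1).strip(), m.group(2)
        if key in ("Server Name", "Domain Name"):
            current = {"kind": key, "name": value.lower(), "fields": {}}
            records.append(current)
        elif current is not None:
            current["fields"].setdefault(key, []).append(value)
    return records


def exact_domain_record(text, domain):
    """Return only the registration record for `domain`, ignoring host records
    such as TWITTER.COM.<something>.COM that merely begin with the same text."""
    for rec in parse_records(text):
        if rec["kind"] == "Domain Name" and rec["name"] == domain.lower():
            return rec
    return None


def unexpected_nameservers(record, allowed_suffixes):
    """List delegated name servers that fall outside the expected provider zones."""
    bad = []
    for ns in record["fields"].get("Name Server", []):
        host = ns.lower().rstrip(".")
        if not any(host == s or host.endswith("." + s) for s in allowed_suffixes):
            bad.append(host)
    return bad


if __name__ == "__main__":
    for label, text in (("quoted", SAMPLE), ("tampered", TAMPERED)):
        rec = exact_domain_record(text, "twitter.com")
        print(label, rec["fields"]["Registrar"][0],
              unexpected_nameservers(rec, ["dynect.net"]))
```

Run on a schedule against a stored baseline, the same comparison turns a registrar-level name server change into an alert rather than something noticed from broken pages.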