How the New York Times Is Still Publishing Despite Being Hacked (Updated)

NYTimes.com went dark for the second time in a month on Tuesday afternoon, but that doesn't mean the newspaper will stop publishing. Bypassing the DNS, The Times is continuing to publish stories under its bare IP address. And the reporters are continuing to write.

Aside from being fast and smart, the Times's work around is relatively simple. The internet as we know it relies on the Domain Name System (DNS) to direct us to the location of websites that are actually located at a numerical IP address. NYTimes.com, for instance, simply points you to servers located at 170.149.168.130. So when hackers manage to hijack a domain—which is apparently what happened with this latest Times hack—the IP address and everything on the servers that it points to remains intact. (Pro Tip: If NYTimes.com isn't working for you, you can just type in the IP address and access the entire site.)

So what about that hack? It appears that the Syrian Electronic Army got ahold of The New York Times's domain and rerouted it to one of its own sites. (It also looks like Twitter.com got hit.) A Times spokesperson said soon after the outage that the trouble was "likely result of malicious external attack." However, malice can't trump quick thinking.

Update: As service remains intermittent, the Syrian Electronic Army allegation is starting to look more likely. Some users reported seeing this graphic when trying to visit The Times's website:

How the New York Times Is Still Publishing Despite Being Hacked (Updated)

Meanwhile, the Times continues to publish articles about the violence and injustice in Syria.

Update 2: The Times has issued the following statement:

The New York Times Web site was unavailable to readers on Tuesday afternoon following an attack on the company’s domain name registrar, Melbourne IT. The attack also required employees of The Times to stop sending out sensitive e-mails.

Marc Frons, chief information officer for The New York Times Company, issued a statement at 4:20 p.m. warning employees that the disruption — which appeared to still be affecting the Web site as of 5:50 p.m. — was " the result of a malicious external attack by the Syrian Electronic Army “or someone trying very hard to be them.” He advised employees to “be careful when sending e-mail communications until this situation is resolved.”

Several people on Twitter said they believed it was the work of the Syrian Electronic Army, a group of hackers who support President Bahar al-Assad of Syria. Matt Johansen, head of the Threat Research Center at White Hat Security, posted on Twitter that he was directed to a Syrian Web domain when he tried to access The Times’s Web site.

Until now, The Times has been spared from being hacked by the Syrian Electronic Army, which has successfully disrupted the Web operations of news organizations like The Financial Times. On Aug. 15, the group hacked The Washington Post’s Web site through a third-party service provided by a company called Outbrain. At the time, the Syrian Electronic Army also tried to hack CNN. Some information security experts said the group also appeared to be ready to hack The New York Times Web site that day.

In a post on Twitter Tuesday afternoon, The Syrian Electronic Army also said it had hacked the administrative contact information for Twitter’s domain name registry records. According to the Whois.com lookup service, the Syrian Electronic Army was listed on the entries for Twitter’s administrative name, technical name and e-mail address.