Instead of the home page of the Times, Markoff saw a Web page for an organization called Hacking for Girlies. The site displayed a black screen with an HFG logo of three bare-breasted women and nine paragraphs of somewhat cryptic messages--some directed at Markoff, a 10-year veteran of the Times, whose past reporting on computer intruders has drawn the ire of the hacker community.
While Markoff was just waking up to the news of the attack, Bernard Gwertzman, editor of the New York Times on the Web, was already two hours deep into a wrestling match with the hackers. Gwertzman first discovered the attack when he booted up his computer at 7:45 a.m. in New York. He republished the Times home page, but the hackers' page came back. Again Gwertzman republished. And again the hackers trumped him. After the competing pages flipped back and forth at least 10 times, the editors at the Times pulled the plug on the site at 10:20 a.m.
"I don't think we had much choice," Gwertzman says. "Going back and forth was just not profitable."
The Times eventually went back online at 7:40 that night, with a note to readers that explained: "The New York Times on the Web was unavailable for more than nine hours on Sunday, the result of an attack by hackers. Most of the site is now available but certain areas, including the archive, crossword and some other services remain inaccessible."
The site was restored in full a week later.
The Times appears to be the first major newspaper site to be successfully targeted by hackers in this way, although no one can be certain. "The first rule of site management is never to admit to having been attacked," said Eric Meyer, who teaches journalism at the University of Illinois and is managing partner of AJR Newslink, AJR's Web site, in an interview via e-mail. There is also a definitional problem, Meyer added. Is an attempt an attack? "If so, virtually every site has been attacked at one time or another."
Meyer, who has covered hackers on and off since 1982, said he is "surprised we have not seen a celebrated case until now." However, he added, attacks like the one on the Times are not very common, partly because they're not very challenging.
Meyer said he is more concerned about covert invasions than the graffiti-like vandalism of the Times. It was obvious that the front page readers saw was not the New York Times. What worries Meyer and others is the thought that subtle or minor changes could be made in content--for example, changing one paragraph that might not be easily noticed.
Fortunately, no articles were known to be corrupted in the Times attack, says Gwertzman.
Howard Witt, associate managing editor for interactive news at the Chicago Tribune, was surprised to hear about the break-in at the Times. Witt is "pretty confident" of the security of the Tribune's site. But, he cautions, "I'm not so foolish as to sit here and say that we're invulnerable to an attack." In the wake of the Times event, the Tribune did double-check its system.
As for the Times, Gwertzman says, "Hopefully, our security will be better as a result of this."
Some simple steps can be taken to protect Web sites, Meyer said. He emphasizes that it's important to dispell the hype surrounding the Times incident. "Popular perception is that there's very little one can do about stopping a terrorist, online or anywhere else, so many simply are not trying. If the Times could be targeted, the thinking goes, what about poor us?"
San Francisco-based technology reporter John Markoff got the call at 6:30 a.m. on Sunday, September 13. An East Coast friend told him to turn his computer on--the New York Times Web site had been hacked.