Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New York Times Hacked?

samzenpus posted more than 2 years ago | from the fox-in-the-henhouse dept.

Security 103

First time accepted submitter porsche911 writes "It looks like the NYTimes have been hacked and a large number of subscribers spammed with messages about cancellation of their service. The phone system is overwhelmed as well. The Times is currently saying the email is a fake, but that raises other worries. They were one of the only 3rd parties that had the email in question so it appears either someone really screwed up or they've suffered a data breach." Update: 12/28 21:59 GMT by S : Looks like it was just a mistake by an employee.

cancel ×

103 comments

Sorry! There are no comments related to the filter you selected.

Well, they tried hacking the The New Yorker first (5, Funny)

elrous0 (869638) | more than 2 years ago | (#38518378)

But then they found out that New Yorker readers were far too smug to lower themselves to reading email.

Re:Well, they tried hacking the The New Yorker fir (3, Interesting)

sleeepy2 (2318690) | more than 2 years ago | (#38518462)

I got the email about my canceled subscription and I have never subscribed to the Times. Weird.

Re:Well, they tried hacking the The New Yorker fir (1)

jrminter (1123885) | more than 2 years ago | (#38518822)

Me too. Just thought it was spam...

Re:Well, they tried hacking the The New Yorker fir (0)

Anonymous Coward | more than 2 years ago | (#38519274)

Same here.

Re:Well, they tried hacking the The New Yorker fir (0)

Anonymous Coward | more than 2 years ago | (#38520108)

Mee too!!!111 </aol>

Re:Well, they tried hacking the The New Yorker fir (1)

madhi19 (1972884) | more than 2 years ago | (#38522818)

Yep got it also it a clever attack phishing by hacking somebody else. Am impressed if I was a sub I might even have fallen for it.

Re:Well, they tried hacking the The New Yorker fir (2)

houghi (78078) | more than 2 years ago | (#38520170)

Hey, I got an email about my credit card being disabled and I don't even have a credit card.

Re:Well, they tried hacking the The New Yorker fir (5, Interesting)

Mashiki (184564) | more than 2 years ago | (#38518492)

Too true, and too funny. You forgot to mention that this is also a method to retain customers after their dismal and continual failure to retain a readership base.

Re:Well, they tried hacking the The New Yorker fir (4, Funny)

Anonymous Coward | more than 2 years ago | (#38518582)

I was happy I was unsubscribed, as I have never signed up for anything New York times related ever. So that information that I was unsubscribed had me thanking God.

Sadly, it now appears to be a hoax. I am now crushed in despair.

Re:Well, they tried hacking the The New Yorker fir (0)

Anonymous Coward | more than 2 years ago | (#38519170)

I was happy I was unsubscribed, as I have never signed up for anything New York times related ever. So that information that I was unsubscribed had me thanking God.

Sadly, it now appears to be a hoax. I am now crushed in despair.

Thanking God for what?

Re:Well, they tried hacking the The New Yorker fir (1, Troll)

Lunix Nutcase (1092239) | more than 2 years ago | (#38518710)

[neckbeard mode]

The term is "cracked" not "hacked". When will those stupid lusers ever learn the difference?

[neckbeard mode]

Re:Well, they tried hacking the The New Yorker fir (2)

flyingsquid (813711) | more than 2 years ago | (#38519310)

UPDATE:The Times mistakenly sent e-mails today to subscribers and others, erroneously stating that home delivery of the newspaper had been canceled. We apologize for the inconvenience.

And... (-1, Flamebait)

pdxer (2520686) | more than 2 years ago | (#38518414)

...nothing of value was lost.

Re:And... (2)

LostCluster (625375) | more than 2 years ago | (#38518512)

Can't be so sure of that... did people give up their account info to the man-in-the-middle thinking it would continue a subscription somebody else in the household seemed to have canceled?

Re:And... (1)

Feyshtey (1523799) | more than 2 years ago | (#38519132)

Woosh.

Re:And... (1)

Runaway1956 (1322357) | more than 2 years ago | (#38519194)

What MIM attack do you refer to? The email gives a phone number to contact, not an email or web page. Unless they have found a way to proxy telephone calls, I don't think it's a MIM.

Re:And... (2)

LostCluster (625375) | more than 2 years ago | (#38520356)

There are plenty of corrupt call centers in the world. They'll answer the phone and collect data based on the check clearing and not whether they've been hired by the legit management of the brand they answer the phone as. Some call centers are stupid enough to think they're doing the right thing when really they're supplying credit card numbers to the wrong people.

Re:And... (1)

lexsird (1208192) | more than 2 years ago | (#38519782)

Nothing of value lost. He's dissing the NY times as no big loss if you don't get it anymore.

It's probably something schemed up by some agents in support of this draconian bill they are trying to pass.

Re:And... (1)

LostCluster (625375) | more than 2 years ago | (#38520390)

We take NY Times articles about tech seriously around here. The dead tree edition may be falling apart and their info-wall turned pay-wall strategy might not be liked, but Slashdot would be worse off if the NY Times was to fail completely.

Re:And... (1)

lexsird (1208192) | more than 2 years ago | (#38520620)

Interesting.

I am thinking it's a known left leaning publication and the Right wants SOPA jammed through because they want a foot in the door, to lay down foundations for more intrusive measures into the Internet. Frankly it's a thorn in their sides, they could have swept OWS under the rug if it wasn't for the Internet. I figure it's another cheesy black ops project ran by some out of control spooks either from an alphabet agency or worse, some corporate cowboys that are completely off radar.

If they can disturb enough sheeple on the Left, attacking their precious NYT, they might cave on SOPA, being it's to protect us from those evil hackers. For the children...and other BS, you know. I wonder if it's the same operatives who orchestrated the scandal on the IMF chief a while back in NY? The question remains, did the IMF ever gain access to Ft Knox to check out the rumor it's empty of gold? Or did that blatant scandal scare them off from coming to American soil, after we proved we would defecate all over diplomatic protocols to protect this big fat rumor. Face it, we gave the world a thinly veiled F YOU, with that whole ordeal.

Not to mention NYPD was busted working with Government black ops and nothing became of it. Shoved under the rug like everything else. Expect more "Left" targets until enough hysteria is generated and they can jam SOPA or something worse through.

Seems the New York Times keeps a spam list (4, Interesting)

KnightMB (823876) | more than 2 years ago | (#38518464)

I've never subscribed to the New York times, yet my personal e-mail address got the same spam? Does this mean more than just a subscriber list was used or do they have a more extensive list that they have bought/captured over the years that's the equivalent of a giant spam list?

Re:Seems the New York Times keeps a spam list (2)

NotSanguine (1917456) | more than 2 years ago | (#38518504)

I do not have a home delivery subscription, just one for the Crossword puzzles, and I received not one, but two spam emails. One to an old email address I used for the account and one for the current email.

As such, it appears that the list does include NY Times account holders of various types. Perhaps this was combined with other spam lists too.

Could be untargeted phishing (3, Insightful)

DragonHawk (21256) | more than 2 years ago | (#38518550)

It could also be that some con-artist somewhere is sending out phishing emails, designed to look like Times cancellation notices, and sent to large numbers of harvested email addresses. Since the set of NYT subscribers with an email address is a proper subset of the set of people with an email address, a lot of NYT subscribers would still be hit.

But "New York Times Hacked" makes for a better headline.

Re:Could be untargeted phishing (1)

sgbett (739519) | more than 2 years ago | (#38518670)

I's say its a mechanical turk implementation of a DDOS!

Spam a bunch of people pretending to be target. A certain percentage of people think e-mail is real and flood legitimate communication channels of said target. (???? / Profit)

Re:Could be untargeted phishing (4, Insightful)

postbigbang (761081) | more than 2 years ago | (#38518838)

The bounce in the header of the message implies that it was triggered internally. It wouldn't have been used to launder the list, because the bounces would have gone back to NYT.

My guess is that it's not a DDOS, it's a fuckup.

Yup, it's a fuckup (1)

DragonHawk (21256) | more than 2 years ago | (#38519908)

My guess is that it's not a DDOS, it's a fuckup.

Looks like you get the gold star. Good call. :)

Re:Could be untargeted phishing (1)

madhi19 (1972884) | more than 2 years ago | (#38522842)

If I had the point I mod up you just for the mturk reference! loll

Re:Could be untargeted phishing (0)

Anonymous Coward | more than 2 years ago | (#38518912)

You know, no one has explicitly said this so it's just a guess but I'm getting the impression that the email account used might be the one the NYT uses/used to send mass emails. Their tech crew evidently said it was possibly an erroneous mass e-mail so that they even suggest that as a possibility seems to imply that the account is (or was) good.

Re:Could be untargeted phishing (0)

Anonymous Coward | more than 2 years ago | (#38519684)

I received this email at my email address for the times. E.g., for slashdot my email is slashdot@anonymous-coward.com and at the NY Times my email is NY.Times@anonymous-coward.com. The latter email received it.

Re:Seems the New York Times keeps a spam list (1)

muon-catalyzed (2483394) | more than 2 years ago | (#38518570)

never subscribed... , yet my personal e-mail address got the same spam. Does this mean more than just a subscriber list was used or do they have a more extensive list

That means that NYT might not have been compromised. The e-mail spammer just took advantage of NYT to ensnare recipients or intends to damage NYT.

Re:Seems the New York Times keeps a spam list (1)

dzfoo (772245) | more than 2 years ago | (#38518794)

I would agree, except for the fact that I received the message on a throw-away address I only gave the New York Times to use their app.

It seems clear to me then that their accounts list was compromised.

      dZ.

Re:Seems the New York Times keeps a spam list (1)

antdude (79039) | more than 2 years ago | (#38521956)

Same here. They only have my e-mail address because I use to log in. BugMeNot's accounts don't always work.

NY Times Response (5, Informative)

NotSanguine (1917456) | more than 2 years ago | (#38518468)

Is this [nytimes.com]

Re:NY Times Response (0)

cultiv8 (1660093) | more than 2 years ago | (#38518562)

We’re working to coordinate a response

Good to know they're on top of things.

Re:NY Times Response (3, Interesting)

Skapare (16644) | more than 2 years ago | (#38518860)

They also need to get their DNS updated to also include a genuine SPF record and not rely entirely on the TXT record.

Re:NY Times Response (1)

Arrogant-Bastard (141720) | more than 2 years ago | (#38519160)

There's no reason to do so: SPF has no anti-spam and no anti-forgery value in the contemporary environment. (That's why, despite the desperate flogging by the ignorant who claim that SPF is anything from a preventative to a magic cure-all, the largest adopters of SPF to date are spammers.)

Re:NY Times Response (1)

bill_mcgonigle (4333) | more than 2 years ago | (#38523170)

the largest adopters of SPF to date are spammers.

By what measure? Every large e-mail company publishes SPF records. Lots of small ones do too.

I'd be surprised if the vast majority of active e-mail accounts didn't have SPF records to check (excepting Yahoo, which is domainkeys-or-bust).

Print Subscribers Only (3, Informative)

LostCluster (625375) | more than 2 years ago | (#38518480)

This appears to be a phishing attack aimed at getting NY Times readers to re-up their subscription with a phony contact given. Looks like their e-mail list got leaked.

Re:Print Subscribers Only (1)

Scavia (2541190) | more than 2 years ago | (#38518638)

Could it be that an NYT staffer screwed up, or is it a for-real phishing attempt?

Re:Print Subscribers Only (2)

Skapare (16644) | more than 2 years ago | (#38518876)

Look at the headers and see if the SMTP connection really came from 208.70.142.0/23 or not.

Re:Print Subscribers Only (3, Insightful)

dzfoo (772245) | more than 2 years ago | (#38518852)

Then how would you explain that I received the message on an e-mail address that I made specifically to use the NYT app and never have used for anything else?

That automatically rules out a third party. It was either sent in error, or their user accounts list was indeed compromised.

A possible third alternative is that they shared their accounts list with a partner that was then compromised. Either way it seems the list was compromised.

Re:Print Subscribers Only (1)

LostCluster (625375) | more than 2 years ago | (#38520422)

That's what I get for RFTAing... the e-mail clearly identifies it as a print subscription being canceled, but your report of it going out to app users shows a wider breach than I first thought.

Re:Print Subscribers Only (1)

fermion (181285) | more than 2 years ago | (#38520452)

As mentioned, the NYT is now taking responsibility for this. I don't know if it was an error or disgruntled employee. I know that this is not the first mistaken email I have received over the holiday. I don't know what precautions these companies have to prevent a single employee from sending mass emails, but it appears the security is minimal.

What I can say is that the headers appear to indicate that the email is from the NYT servers. There are no fancy links in the email that would otherwise be used to obfuscate or otherwise mislead the user. If this was a malicious email, it was simply meant to cause grief to the NYT by flooding the switchboard and possibly angering some thin skin customers in canceling subscriptions.

There is no phony contacts or HTML type links that the user can click.

Mod my own post down... (1)

LostCluster (625375) | more than 2 years ago | (#38521484)

This post was written before the thread below it proved my theories wrong.

Used the unique address I gave to the NY Times (5, Informative)

jerryasher (151512) | more than 2 years ago | (#38518488)

I got the email too, and it used the unique email address I gave to the NY Times, so either they were breached or some company they gave my data to was breached.

Joe Katz on twitter says the same thing:

"Joe Katz @joekatz 1h
@NYTPRGUY thing is, I got a "subscription cancelled" message sent to an email alias that only @NYTimes has for me. Was your list hacked?"

So remember folks when you outsource your IT and marketing and provide them your customer data, you are opening your customers up to their low security practices.

this will shed light (2)

l2718 (514756) | more than 2 years ago | (#38518580)

I got the email too, and it used the unique email address I gave to the NY Times, so either they were breached or some company they gave my data to was breached.

Indeed, this will probably force the NYT to shed light on who they share their subscribers' contact information with.

I can confirm the email being sent out. (4, Informative)

milbournosphere (1273186) | more than 2 years ago | (#38518498)

I got the supposed cancellation email this morning, for a subscription I haven't had in almost three years. I was going to call, but I guess I'll just ignore it for now. Text of the email I received is below.

Dear Home Delivery Subscriber, Our records indicate that you recently requested to cancel your home delivery subscription. Please keep in mind when your delivery service ends, you will no longer have unlimited access to NYTimes.com and our NYTimes apps. We do hope you’ll reconsider. As a valued Times reader we invite you to continue your current subscription at an exclusive rate of 50% off for 16 weeks. This is a limited-time offer and will no longer be valid once your current subscription ends.* Continue your subscription and you’ll keep your free, unlimited digital access, a benefit available only for our home delivery subscribers. You’ll receive unlimited access to NYTimes.com on any device, full access to our smartphone and iPad® apps, plus you can now share your unlimited access with a family member. To continue your subscription call 1-877-698-0025 and mention code [] (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).

Doesn't look like they're trolling for information, but I have not tried the number.

Re:I can confirm the email being sent out. (2)

NotSanguine (1917456) | more than 2 years ago | (#38518554)

To continue your subscription call 1-877-698-0025 and mention code [] (Monday–Friday, 8:30 a.m. to 8:30 p.m.; Saturday, 9 a.m. to 3 p.m. E.D.T.).

Doesn't look like they're trolling for information, but I have not tried the number.

The phone number above asks you to send a fax to a different number. They're *definitely* trolling. Note that the real phone number is 1 800 NYTIMES.

Re:I can confirm the email being sent out. (2)

Anonymous Coward | more than 2 years ago | (#38518564)

Ooh, ooh, ooh... FAX?

I predict they will begin receiving sheets of black construction paper shortly...

Re:I can confirm the email being sent out. (1)

NotSanguine (1917456) | more than 2 years ago | (#38518676)

Ooh, ooh, ooh... FAX?

I predict they will begin receiving sheets of black construction paper shortly...

I recommend full color Goatse.

Re:I can confirm the email being sent out. (1)

pz (113803) | more than 2 years ago | (#38518698)

Oh, man what a *great* idea, thanks!

Re:fax machines (0)

Anonymous Coward | more than 2 years ago | (#38519120)

People still use fax machines? I thought these days people scan documents and then email them.

Re:I can confirm the email being sent out. (1)

C-Shalom (969608) | more than 2 years ago | (#38518856)

It's from the same IP address as their other marketing emails regarding digital subscriptions and also their "Exclusively for Times Subscribers" newsletters

208.70.142.121

It's from them or their marketing partner.
I'm putting my money on a marketing campaign gone wrong.

Re:I can confirm the email being sent out. (2)

Arrogant-Bastard (141720) | more than 2 years ago | (#38519208)

Ah, a WHOIS lookup shows that it's the incompetent spammers-for-hire at Epsilon. (Go Google "epsilon spam" for a glimpse at the tip of the iceberg. I'll wait.)

Back? Good. Epsilon does spam-for-hire for a number of companies; apparently the crack reporting staff at the NYT isn't intelligent or diligent enough to figure this out and report it to their own management. This is hardly the first incident involving them -- or rather, it's hardly the first widely-known incident involving them. Those of us who've been studying spam for decades are well aware of this sleazy operation.

Re:I can confirm the email being sent out. (1)

Skapare (16644) | more than 2 years ago | (#38518894)

Post the email headers ... at least the one showing where the SMTP connection came from.

Re:I can confirm the email being sent out. (1)

Runaway1956 (1322357) | more than 2 years ago | (#38519264)

from: The New York Times nytimes@email.newyorktimes.com
reply-to: "\"no-reply\""
to: nonyerdamnbiznezz@somemaildrop.com
date: Wed, Dec 28, 2011 at 12:35 PM
subject: Important information regarding your subscription
mailed-by: email.newyorktimes.com

Re:I can confirm the email being sent out. (1)

milbournosphere (1273186) | more than 2 years ago | (#38519294)

Full header is below:

Delivered-To: my.email@gmail.com
Received: by 10.236.22.4 with SMTP id s4cs215803yhs;
Wed, 28 Dec 2011 10:41:55 -0800 (PST)
Received: by 10.224.34.17 with SMTP id j17mr39609944qad.22.1325097714240;
Wed, 28 Dec 2011 10:41:54 -0800 (PST)
Return-Path: <1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com>
Received: from dmx1.bfi0.com (dmailer0121.dmx1.bfi0.com. [208.70.142.121])
by mx.google.com with ESMTP id k1si20381231qap.21.2011.12.28.10.41.53;
Wed, 28 Dec 2011 10:41:54 -0800 (PST)
Received-SPF: pass (google.com: domain of 1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com designates 208.70.142.121 as permitted sender) client-ip=208.70.142.121;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of 1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com designates 208.70.142.121 as permitted sender) smtp.mail=1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com; dkim=neutral (bad format) header.i=@email.newyorktimes.com
Return-Path: <1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com>
DKIM-Signature: v=1; a=rsa-sha1; d=email.newyorktimes.com; s=ei; c=simple/simple;
q=dns/txt; i=@email.newyorktimes.com; t=1325097713;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=nhz0zIwZATi7xbHD7nLVhsMhIA4=;
b=dysnMp6WtfdnQ81EYPV3YnpcqwN2mlEheNAmPWUYPohzAyRWvWxjh4WOm9WsTFV1
nRUVMa36cWVaT0QSWUsQ7JFC+SznUlwTjLOWFZKt+l8aqyIZ3yqXFKp6Ehe2N4fL
JHZ5KYN3KbXcq4Val62mpoLKSqxd+6xHEPouVRNLYLU=;
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=ei; d=email.newyorktimes.com;
h=List-Unsubscribe:Received:Reply-To:Bounces_to:Message-ID:X-SS:X-BFI:Date:From:Subject:To:MIME-Version:Content-Type;
b=WXerPb4btsH2OBN2MhMNgAqMyeXcw87Uwsme8EmwQW7yLOnoHTPYt15DxY8/OJJE
ShhvF7Wr5zBtHDUKX/yPVjaSfDT9kXgdjyRnGNDckQJcskWtOOYCjB7CAC46nw9K
eje2xT1+JJy1kIjNyTcVFc22ELVjB/P/YmyNkZCboyI=
List-Unsubscribe: <mailto:1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com?subject=unsubscribe>
Received: from [10.150.20.121] ([10.150.20.121:36220] helo=dlspvhcimailer21)
by dmx1.bfi0.com (envelope-from <1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com>)
(ecelerity 2.2.2.45 r(34222M)) with ESMTP
id 30/E2-10092-1F26BFE4; Wed, 28 Dec 2011 13:41:53 -0500
Reply-To: =?iso-8859-1?B?Im5vLXJlcGx5Ig==?= <1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com>
Bounces_to: nytimes.1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa@email.newyorktimes.com
Message-ID: <1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa.5366.36.dlspvhcimailer21.DumpShot.1@email.newyorktimes.com>
X-SS: 1-2-190002-122194082
X-BFI: 1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa
Date: Wed, 28 Dec 2011 13:34:27 EST
From: =?iso-8859-1?B?VGhlIE5ldyBZb3JrIFRpbWVz?= <nytimes@email.newyorktimes.com>
Subject: =?iso-8859-1?B?SW1wb3J0YW50IGluZm9ybWF0aW9uIHJlZ2FyZGluZyB5b3VyIHN1YnNjcmlwdGlvbg==?=
To: my.email@gmail.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="ABCD-1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa-EFGH"

--ABCD-1957cf945layfovciab7saeiaaaaaazzkodoqoseiuiyaaaaa-EFGH
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

well-done walled garden (2)

noh8rz2 (2538714) | more than 2 years ago | (#38518506)

I really like the walled garden they implemented. It's essentially a "fenced garden." It allows you 20 articles a month for free before bugging you about a subscription. If you follow a link to a story, you can read the story even after the 20 articles are up. You can always browse the main pages for each section. With trivial effort you can call up an article after your 20 articles are done. They don't try to be asses about it.I hope they're finding success with this model, so other companies will adopt it instead of WSJ type approaches.

Re:well-done walled garden (1)

Jeremy Erwin (2054) | more than 2 years ago | (#38518650)

20 articles? I could use that allotment up in a day or two.

Re:well-done walled garden (1)

theillien (984847) | more than 2 years ago | (#38518700)

I definitely don't like the WSJ method. I've yet to read a full article on their site because I refuse to be lured in with partials. If it's genuinely news, I'll be able to find it elsewhere and likely for nothing more than ads on my screen.

Re:well-done walled garden (1)

Pausanias (681077) | more than 2 years ago | (#38518722)

Their walled garden takes cash from people who can afford it AND (want to support the times OR are too stupid to clear cookies).

The rest of us can either not read it or read it for free.

I like it. This should be the funding model for the Internet. Kind of like the art patrons of the renaissance.

DNS Hack? (4, Informative)

Midnight_Falcon (2432802) | more than 2 years ago | (#38518530)

At first glance with little information, it appears as though the messages in question with reply-to address @email.nytimes.com, which resolves to the same host as the @ record of nytimes.com (presently, 11:58 PST, 199.239.136.200). However, the message was sent by dmailer099.dmx1.bfi0.com, 208.70.142.99. This is their upstream MTA provider called Epsilon, which had been known to have been hacked previously. Chances are this customer list was compromised from an upstream provider and the mail messages sent via hacking one of the servers at their mail provider, and the NYTimes internal network was not compromised, at least ostensibly by this act. Chances also are that NYTimes only uses this provider for mass communication and not internal messaging. So this is prominent because it involves the NYTimes and a phishing attempt, but in the grand scheme of things it's a bit of a dud.

Re:DNS Hack? (1)

Skapare (16644) | more than 2 years ago | (#38518936)

Or ... the hack could have actually been executed inside the NYT network. We know big businesses are incapable of completely securing their networks, so it is plausible. Or it could have been a staffer error. We'll never know because people at NYT are all too familiar with all the many ways of covering up bad stuff.

Re:DNS Hack? (1)

Midnight_Falcon (2432802) | more than 2 years ago | (#38519066)

You've forgot about the biggest factor inhibiting a cover-up -- the other news organizations! The NYT has a lot of rivals out there, and it's certain that the Wash Post or Reuters etc would love to run stories about their poor security, if that's the case.

The NY times has been hacked before and is frequently a target for hackers, defacements etc and very likely invests a good sum of money in internal security. However, their mass emails are done by an external vendor, and that's just probably managed as a monthly fee moreso than a part of their network.

Occam's razor, Skapare....if they went through all this effort on a phishing attempt, if they had hacked the internal DB couldn't they just run the cards of high profile or high net worth individuals, maybe sorted by neighborhood? Start charging people on the Upper East Side of Manhattan first?

Or send out phishing emails to everyone and hope that the least perspicacious (and not reliably wealthy) individuals give you their information?
It just seems as though if the internal DB had been compromised, a lot of extra effort was done that was unnecessary or illogical. Thus I think logic fails on the assumption that the hack was internal to the NYT network, unless we get more information.

Turn off Javascript when going to nytimes.com (1)

Anonymous Coward | more than 2 years ago | (#38518538)

If you surf their site with Javascript turned off, you don't have to sign in at all.

They had it coming. (0)

Anonymous Coward | more than 2 years ago | (#38518540)

That is what they get for their restrictive 19xx "Register to read" BS.

Seriously. What is that supposed to do? To force people to register?

Not surprising (4, Interesting)

cultiv8 (1660093) | more than 2 years ago | (#38518542)

Someone wrote 4 lines of CSS & JS [slashdot.org] and was able to haxxor NYTimes paywall. A guru hacker [sfphp.org] is not necessary.

Re:Not surprising (1)

milbournosphere (1273186) | more than 2 years ago | (#38519526)

You dont' even need that. All you need to do is remove everything after the question mark in the url from the address bar, and refresh.

http://www.nytimes.com/2011/12/29/world/europe/despite-drop-in-borrowing-rates-italys-economic-travails-remain-acute.html?hp&gwh=EDDD7B35BB09C81DDA0899E0B59BC09C [nytimes.com]
changes to
http://www.nytimes.com/2011/12/29/world/europe/despite-drop-in-borrowing-rates-italys-economic-travails-remain-acute.html [nytimes.com]

Bam, all the free New York Times content you want.

Re:Not surprising (1)

antdude (79039) | more than 2 years ago | (#38521784)

Does it still work today?

I bookmarked it and tried a few NYT articles, but I keep gettings its JS code in my Mozilla's SeaMonkey v2.0.14 web browser? :(

Copy of E-mail headers (2)

Midnight_Falcon (2432802) | more than 2 years ago | (#38518584)

Reinforces my earlier conclusion that their upstream MTA agent provider for mass mailings had been compromised, and likely still is.

Available here: https://gist.github.com/1529336 [github.com]

Received: from dmx1.bfi0.com (dmailer0121.dmx1.bfi0.com. [208.70.142.121]) by mx.google.com with ESMTP id v2si13633651ane.208.2011.12.28.10.17.18; Wed, 28 Dec 2011 10:17:18 -0800 (PST)

Interesting areas:

DKIM-Signature: v=1; a=rsa-sha1; d=email.newyorktimes.com; s=ei; c=simple/simple; DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;

Likely malicious activity or a data breach... (0)

Anonymous Coward | more than 2 years ago | (#38518590)

From anecdotal evidence it seems like the e-mails are going out to those who have registered it at some point with the New York Times. This would be not only those with paper subscriptions, but those with an account on the site--something that used to be free an thus tons of people would have registered. That explains those that are saying they weren't a subscriber but got the message.

Similar to the original post, I too got the message to an account that is kept very private. It seems extremely unlikely that this was a case of random SPAM. The New York Times needs to come clean. They say that "they" didn't send the message... but many on Twitter have pointed out the e-mails originated from a 3rd party company that the Times has previously used for sending out legit messages. It seems likely that either they, or the 3rd party, has a rogue employee or has suffered a data breach. Either way it's customer data they they have a responsibility for keeping secure.

Suddenly the IT dept of a newspaper has become news itself... oops.

Re:Likely malicious activity or a data breach... (1)

Midnight_Falcon (2432802) | more than 2 years ago | (#38518614)

Or the IT department of their upstream mail transfer provider, as most media agencies have rather than building an in-house network. I hope these systems are discrete.

well-timed blow (2)

Scavia (2541190) | more than 2 years ago | (#38518600)

Wow, this is really gonna screw with their business model. This was the first year the NYT was trying to push a lot of longtime loyal readers into paid subscriptions (last year got covered by a grant from GM, I think). Now I'm really, really reluctant to give them credit card info. Way to epic fail there, guys.

A phishing scheme with great timing? (1)

Jeremy Erwin (2054) | more than 2 years ago | (#38518634)

I received a similar message. For the past year, I've had a subsidized, free subscription to the website, and I've been notified that my access will be cut off (or greatly curtailed) if I don't upgrade to a regular digital subscription. I had thought that the subscription department was proposing a new offer-- half price for 16 weeks, rather than 99 cents for the first 8 weeks, then a regular rate afterwards.

Re:A phishing scheme with great timing? (1)

rk2z (649358) | more than 2 years ago | (#38519238)

Yeah same thing happened to me, I get the Sunday times and got a new Credit card number and figure they canceled me when my auto bill didn't work. Too bad I was hopping for 50% off. ;(

All the names fit to print. (1)

hawks5999 (588198) | more than 2 years ago | (#38518648)

Wonder if the names and cc#s of subscribers will get pastebin'd. Did NYT cover Anonymous' stratfor attack unfavorably or something?

I was wondering about that e-mail (1)

dekker (44510) | more than 2 years ago | (#38518654)

I got one today as well. Thought it was strange since I have an account on the web site, but I'm not actually a subscriber. Good to know that it's a mistake and that I'm not using that account for anything important. Hope they weren't hacked though.

Gmail's SPAM filter updates/adapts fast! (3, Interesting)

Faizdog (243703) | more than 2 years ago | (#38518740)

So I got the email in my Gmail account, which is how I've signed up for home delivery of the NYT. I'll foolishly admit that I was fooled, and called the number in the email and got the recorded message saying that the line was busy (maybe that was the whole point, now they've got my number too).

Anyway, I didn't want to lose the delivery, so I marked the email as unread so that I could address it later and logged out of Gmail.

After about 20/30 minutes when this story broke on /. and other sties, I figured I'd log back into Gmail, check my email (what you don't compulsively check email?) and delete this spam. I couldn't find it in my inbox! I checked the trash thinking I may have deleted it, but it wasn't there. Then I thought to check the SPAM folder, and sure enough it was in there, still marked as unread.

Gmail updated the spam policy to classify this specific email as spam in about 20 minutes, where as it had made it into my inbox before.

Upon reflection, it's not surprising, I'm sure a lot of users marked it as SPAM in the last 20 minutes, but still was interesting for me to note. Gmail's spam filter is usually pretty good, I NEVER even look in the spam folder (even for false positives) so this was an interesting experience. I wonder if I'd left it marked as "read" and not remarked it as "unread" if it would still have been moved out from my inbox to the spam list?

Re:Gmail's SPAM filter updates/adapts fast! (1)

plebeian (910665) | more than 2 years ago | (#38519202)

FYI: I read the message, it is still in my Gmail inbox. I guess their spam filter was only applied to the unread messages..

Re:Gmail's SPAM filter updates/adapts fast! (0)

Anonymous Coward | more than 2 years ago | (#38519220)

I "read" it and it is still in my inbox...

Re:Gmail's SPAM filter updates/adapts fast! (0)

Arrogant-Bastard (141720) | more than 2 years ago | (#38519292)

First, the proper term is "spam"; never "SPAM". The former refers to unsolicited bulk email; the latter refers to a product of the Hormel Corporation.

Second, having conducted extensive testing on Gmail's spam filter, I can only award it a C; both its false positive and false negative rates are unacceptably high, certainly not good enough to qualify for professional use. (However, let me note in passing that this mediocre performance is still much better than that of others competing in the same space; Yahoo and Hotmail both receive F's with my regret that no lower grade is available.)

Third, user-driven spam/not-spam classification systems are fraught with difficulties -- most notably, they're quite easy to game (in both directions). Some spammers are apparently well aware of this and have been exploiting it quite effectively. Unfortunately, it has proven rather difficult to convince those being exploited that it's being done to them -- they prefer to remain in denial rather than admit that their elaborate scheme has been neatly undone by a combination of social engineering, botnets, and modestly clever scripting.

Re:Gmail's SPAM filter updates/adapts fast! (1)

Killer Instinct (851436) | more than 2 years ago | (#38520180)

After about 20/30 minutes when this story broke on /. and other sties,

Hey, watch it...it may be a little messy here, but its no stie !

-KI

Missing WHERE? (1)

Lucabrasi (137017) | more than 2 years ago | (#38518878)

Sounds like someone forgot the WHERE clause when sending out the email.

NYT admits they screwed up (3, Informative)

gstrickler (920733) | more than 2 years ago | (#38519126)

According the the linked article, an update from NYT indicates that they sent the email. It was supposed to go to 300 people, instead, it went to all 8M people with NYT accounts.

Re:NYT admits they screwed up (0)

Anonymous Coward | more than 2 years ago | (#38520860)

you don't just do these mistakes... @DestructiveSec claimed hacking NYT 5 minutes ago

NYTimes admits they screwed up (0)

Anonymous Coward | more than 2 years ago | (#38519186)

They New York TImes now admits that there earlier assertions that the e-mail was "SPAM" and "not from us" were in fact false. The e-mail was from them. They say they weren't hacked but that it was sent by an employee to 8 million people who had, at one point or another, registered they're e-mail address with the Times.

Evolution of this story:

1. It wasn't from us...
2. Really it's SPAM, just delete it...
3. Seriously, it wasn't us, it's SPAM, there's nothing to see here people, move along now...
4. Techno Nerds: The headers check out... that e-mail really did come from them or it was an extraordinarily well done fake!
5. All other media outlets: New York Times has been hacked... stay tuned for more details
6. New York Times: We're investigating
7. New York Times: OK... so we told a fib. It really was us. Ooops. Sorry. We weren't hacked... (we're telling the truth this time, we promise)

There's likely a few folks in the New York Times IT department looking for jobs this evening...

You would think the Democratic Party... (-1)

Anonymous Coward | more than 2 years ago | (#38519196)

...would have better security for various parts of their organization, what with an election coming uip and all. They should probably check to see if other divisions, like MSNBC, Media Matters, and NPR have properly secured their computers.

I got one too. (1)

140Mandak262Jamuna (970587) | more than 2 years ago | (#38519230)

I had been a registered user long ago, stopped going there ever since they put up a paywall. I got a spam from them today. I thought it was odd. Anyway, they have been keeping all email addresses, have not deleted any. So subscribers, beware, they probably save the URL of every article you read.

They're now claiming it was their error (1)

dekker (44510) | more than 2 years ago | (#38519298)

I just got this:

Dear New York Times Reader,

You may have received an e-mail today from The New York Times with the subject line “Important information regarding your subscription."

This e-mail was sent by us in error. Please disregard the message. We apologize for any confusion this may have caused.

Sincerely,

The New York Times

"e-mail sent by us in error" (1)

porsche911 (64841) | more than 2 years ago | (#38519674)

It looks like someone at the Times made a mistake.

I just received this from NYTimes:
"Dear New York Times Reader,
You may have received an e-mail today from The New York Times with the subject line “Important information regarding your subscription."
This e-mail was sent by us in error. Please disregard the message. We apologize for any confusion this may have caused.
Sincerely,
The New York Times"

Ars Technica says it's a mistake, not a hack (0)

Anonymous Coward | more than 2 years ago | (#38519758)

According to Ars Technica
UPDATE: Just after we posted the story below, New York Times reporters confirmed that the e-mail was from the paper, and that it was mistakenly sent to more than 8 million people instead of only 300 as intended. Previously, the Times said the message was spam and denied sending it. ... (As we note in the update up top, in this case there was no hack of Epsilon. The Times now says the e-mail was mistakenly sent by a Times employee, not an employee of Epsilon.)
http://arstechnica.com/business/news/2011/12/spammers-take-control-of-new-york-times-e-mail-list.ars

email from NYT (0)

Anonymous Coward | more than 2 years ago | (#38519892)

Dear New York Times Reader,

You may have received an e-mail today from The New York Times with the subject line “Important information regarding your subscription."

This e-mail was sent by us in error. Please disregard the message. We apologize for any confusion this may have caused.

Sincerely,

The New York Times

Blame hacking by default (2)

93 Escort Wagon (326346) | more than 2 years ago | (#38520322)

It's not unusual for this sort of thing to happen, unfortunately. Within the past year I've received at least two spammy emails from different companies which were followed in short time by a second email apologizing for the error. People make mistakes, and always have - so, when it involves electronic communication, I wonder why we're so prone to immediately blaming a hacker for it when a simpler explanation is readily available?

If someone were to hack the New York Times, I wouldn't think sending out cancellation notices would be high on their "to do" list - whether they were a kiddie hacker or of a more serious bent.

Re:Blame hacking by default (1)

Megaflux (1803738) | more than 2 years ago | (#38522308)

I think the reason is that if you say it is an hacker or a virus, your manager will accept the answer (maybe because he decreased the security budget and starts thinking its his fault), whereas if you say it was an human error the finger pointing is starting really fast and people are afraid of that and trying to postpone the problem (or it maybe going away completely unrecognized as an human error).

hacked for real? (0)

Anonymous Coward | more than 2 years ago | (#38520632)

apparently hacked by @destructiveSec as per their tweet https://twitter.com/#!/DestructiveSec/status/152165387839086592

@DestructiveSec
Destructive Security
#OpFireSail - bit.ly/rBMsE0 - New York Times Hacked - We gained access "shortly" to there email server ;-)
4 minutes ago via Twitter for iPhone Favorite Undo Retweet Reply

Hey I wanted the deal! Darn! (1)

RubberDogBone (851604) | more than 2 years ago | (#38522420)

One of my first jobs was as a route driver for the NYT. It was a crappy job, the pay sucked, and it wore on my car something fierce. And I left a relative at home every night and didn't realize they were going insane, quite literally, with worry about me out driving the streets.

However, the job taught me a LOT about how to organize a delivery route for efficiency, I got to drive all over literally the richest neighborhood in my city, and for a period of time, I was proud to say I worked for The New York Times, dammit! Back when THAT meant something! Sure, I was a tiny cog in a giant machine but it beat being a nobody working for a nothing company. The local paper guys used to HATE us. We were the glory boys of paper throwing.

I have never forgotten the experience.

So we here at RubberDogBone Central were happy to hear about a half-off deal that would get us the paper and probably keep some poor route driver out of his/her way to deliver it.

Oh well. Some poor route driver's relative will have to find another way to go insane.

New York Times,on Linux? (1)

dontgetshocked (1073678) | more than 2 years ago | (#38525484)

New York Times; I thought they were on Linux? Hmmm

Darn! (1)

WileyC (188236) | more than 2 years ago | (#38525792)

I was hoping they replaced the articles with million-monkey random gibberish... at least then there would be the chance of some accuracy slipping in!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>