A number of media companies lost control of some of their websites yesterday after hackers supporting the Syrian government breached the Australian internet company that manages many major site addresses.
The companies affected included the New York Times, Twitter and the Huffington Post
The Syrian Electronic Army claimed credit for the Twitter and Huffington Post hacks in a series of Twitter messages.
The hacker group has previously attacked media organisations that it considers hostile to the regime of President Bashar al-Assad.
Security experts said electronic records showed that NYTimes.com, the only site with an hours-long outage, redirected visitors to a server controlled by the Syrian group before it went dark.
New York Times spokeswoman Eileen Murphy tweeted the "issue is most likely the result of a malicious external attack", based on an initial assessment.
The Huffington Post attack was limited to the blogging platform's UK web address.
Twitter said the hack led to availability issues for an hour-and-a-half, but that no user information was compromised.
The attacks came as the Obama administration considers taking action against the Syrian government, which has been locked for more than two years in an increasingly bloody struggle against rebels.
In August, hackers promoting the Syrian Electronic Army (SEA) simultaneously targeted websites belonging to CNN, Time and the Washington Post by breaching a third party service used by those sites.
The SEA managed to gain control of the sites by penetrating MelbourneIT, an Australian internet service provider that sells and manages domain names including Twitter.com and NYTimes.
Officials at The New York Times, which identified MelbourneIT as its domain name registrar and the primary hacking victim, warned its employees to stop sending sensitive emails from their corporate accounts.
MelbourneIT spokesman Tony Smith said that login credentials from one of its resellers had been used improperly.
Once MelbourneIT was notified, he said, the company restored the correct domain name settings, changed the password on the compromised account, and locked the records to prevent further alterations.
"We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies," Mr Smith said.
"We will also review additional layers of security that we can add to our reseller accounts."
Twitter did not respond to requests for comment.
In a blog post, the company said: "It appears DNS (domain name system) records for various organisations were modified, including one of Twitter's domains used for image serving, Twimg.com. Viewing of images and photos was sporadically impacted."