Cyber Incident Victim: Newsweek
Date: Sep 2016
Location: United States of America
Summary
Newsweek's website experienced a distributed denial-of-service (DDoS) attack that rendered it inaccessible for hours following the publication of an investigative article alleging a Trump company violated the U.S. embargo against Cuba. The attack coincided with prominent cable news coverage of the story, overwhelming the site's servers with traffic initially suspected to be organic before forensic analysis indicated malicious orchestration. The publication's IT team identified primary involvement from Russian IP addresses but emphasized the investigation remained inconclusive regarding attribution. Service was restored after overnight mitigation efforts, though the outlet noted other platforms had already disseminated the article during the outage.
Description
On September 29, 2016, Newsweek published an investigative article titled "How Donald Trump’s company violated the United States embargo against Cuba" at approximately 5:30 AM Eastern Time. The piece alleged that Trump's organization secretly conducted illegal business operations in Cuba during Fidel Castro's presidency and attempted to disguise these activities by linking them to charity after the fact. Later that evening, during prominent cable news coverage of the story, Newsweek's website experienced a sustained outage lasting several hours. Initial internal assessments considered high reader traffic as a potential cause, but subsequent technical analysis revealed a distributed denial-of-service (DDoS) attack characterized by overwhelming traffic volumes targeting the site's infrastructure. Editor-in-Chief Jim Impoco described the incident as a "massive" and "fairly sophisticated" attack that commenced in the early evening hours, coinciding with television discussions of the Trump-Cuba story.

Newsweek's IT personnel responded immediately to mitigate the attack, working overnight to restore website functionality. Forensic investigation identified Russian IP addresses as primary sources of the malicious traffic, though Impoco emphasized that no definitive attribution conclusions had been reached by the following afternoon. The outage prevented direct access to the article during peak news cycles, though republication by other media outlets kept the story publicly available. Author Kurt Eichenwald publicly documented the disruption via Twitter, moving from initial traffic-related explanations to confirmed suspicions of a hack within 24 hours. The Trump campaign indirectly validated aspects of the reporting when campaign manager Kellyanne Conway acknowledged one payment referenced in the article during a television appearance. Newsweek maintained operational continuity through the incident and, as of September 30, was continuing its technical investigation into the attack vectors and perpetrators.
