In association with heise online

21 June 2013, 11:55

DNS provider's error caused LinkedIn "hack" and affected 5,000 more

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Traffic graph
Zoom The traffic redirection effect can be seen in this graph.
Source: Cisco
LinkedIn, the professional networking site which had been reported as hacked or hijacked yesterday, was in fact the victim of human error at the company's DNS provider, Network Solutions, an error which appears to have affected up to 5,000 domains in all. Network Solutions has said in a blog posting that while trying to resolve a DDoS (Distributed Denial of Service) attack, it accidentally changed the DNS records of a "small number" of customers.

According to Cisco security researcher, Jaeson Schultz, the 'hijacking' involved the domain's name servers being replaced with name servers at and nearly 5,000 domains may have been affected by the change, including Others affected included Fidelity and Yelp. Curiously, several of the domains pointed not at itself but to various sub-domains such as,,, and so on. "The fact that so many domains were displaced in such a highly visible way supports Network Solutions’ claim that this was indeed a configuration error", says Schultz

The name servers were configured to reply with addresses in the range.That range is the IP range of a service provider, Confluence Networks. Given that DNS hijackings can enable the stealing of session cookies or users being guided to malware or phishing pages, suspicions that the redirection was malicious were high. Upon observing the incoming traffic, Confluence Networks put information about the problem on its web page, saying it had got in touch with affected parties to try and identify the source of the problem.

Meanwhile, the Cisco researcher recommends that anyone with a Network Solutions registered domain should check that their name servers are pointed at the right servers and suggests that administrators check logs for connections to the subnet. Schultz closes, saying, "Organizations need to carefully consider how they would swiftly identify unauthorized modifications to their DNS records and how they would react to such a situation."


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit