In association with heise online

05 September 2011, 09:42

Popular sites hit by DNS hijack

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Affected sites displayed this page
Zoom Affected sites displayed this page
A number of popular web sites were hit by a DNS hijack attack; The Daily Telegraph, UPS, The Register, National Geographic, Vodafone, Betfair and Acer were all affected. By modifying the DNS records for the sites, rather than directly attacking them, visitors to the sites were redirected to a site by "TurkGuvenligi" which declares "h4ck1n9 is not a cr1m3". Some of the sites shut down password protected services during the attack to ensure that users attempting to log in were not compromised. Correct DNS records have now been generated and have been propagating in the DNS system overnight.

According to Zone-H, an index of site defacements, what the targeted sites have in common is that they all use NetNames as a registrar. Zone-H believes that the Turkish hackers used an SQL injection attack on the DNS panel of NetNames and switched the name server of the sites to their own name servers (ns1​.yumur​tak​abugu​.com and ns2​.yumur​tak​abugu​.com). This isn't the first time that TurkGuvenligi have hijacked the DNS records of sites: in the past they have redirected, among others, hsbc.kr, freegary.co.uk, secunia.com and systemofadown.com.

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-1336589
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit