Several websites fell victim to a Domain Name System hijack carried out by Turkish hackers looking for laughs
Hackers hijacked the DNS records of a series of well known websites yesterday evening, including The Telegraph, The Register and Acer.
Visitors to the affected sites were redirected to a message from a Turkish hacking group that read: “We TurkGuvenligi declare this day as World Hackers Day.” The websites of Vodafone, Betfair, UPS and National Geographic were also hit in the same attack.
Hackers’ Turkish delight?
The hackers responsible told The Guardian in an email interview that they were expert in exploiting web vulnerabilities and did so for entertainment.
He wrote: “The Register‘s website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services – in other words, anything that requires a password – as a precaution.”
Zone-h reports that the affected sites all share the same registrar, NetNames, saying: “It appears that the turkish [sic] attackers managed to hack into the DNS panel of NetNames using a SQL injection and modify the configuration of arbitrary sites.”
Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog that it may take several hours for the corrected DNS information to propagate worldwide and warned users against logging onto affected websites.
“If you’re in the habit of visiting and logging into the affected sites, you might be wise to clear your cookies so the hackers aren’t able to steal any information from you,” he wrote.
The Internet’s phonebook
The DNS system acts as the Internet’s phone book, converting domain names such as eweekeurope.co.uk into machine readable numbers – the actual IP address. Its security is critical to the functioning of the internet.
It is designed to guarantee that DNS information returned in a query is valid, from the intended source and its integrity has not been compromised during transmission.
The secure protocol specifically protects against two types of attack known as “cache poisoning” and “man-in-the-middle attacks” that can be used to distribute malicious software and commit fraud by directing users to phony sites.
Back in December 2009, for example, the DNS settings for Twitter.com were hijacked, resulting in the redirection of around 80 percent of the service’s traffic to a site purporting to be under the control of the Iranian Cyber Army.