Hackers Hijack The Register And The Telegraph

Hackers hijacked the DNS records of a series of well known websites yesterday evening, including The Telegraph, The Register and Acer.

Visitors to the affected sites were redirected to a message from a Turkish hacking group that read: “We TurkGuvenligi declare this day as World Hackers Day.” The websites of Vodafone, Betfair, UPS and National Geographic were also hit in the same attack.

Hackers’ Turkish delight?

The hackers responsible told The Guardian in an email interview that they were expert in exploiting web vulnerabilities and did so for entertainment.

Reporting on the incident, The Register’s Drew Cullen wrote this morning that the site’s DNS (Domain name System) records were restored after around three hours.

He wrote: “The Register‘s website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services – in other words, anything that requires a password – as a precaution.”

Zone-h reports that the affected sites all share the same registrar, NetNames, saying: “It appears that the turk­ish [sic] attack­ers man­aged to hack into the DNS panel of Net­Names using a SQL injec­tion and mod­ify the con­fig­u­ra­tion of arbi­trary sites.”

Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog that it may take several hours for the corrected DNS information to propagate worldwide and warned users against logging onto affected websites.

“If you’re in the habit of visiting and logging into the affected sites, you might be wise to clear your cookies so the hackers aren’t able to steal any information from you,” he wrote.

The Internet’s phonebook

The DNS system acts as the Internet’s phone book, converting domain names such as eweekeurope.co.uk into machine readable numbers – the actual IP address. Its security is critical to the functioning of the internet.

In July, Nominet, the registry for.uk domain names began offering a free-trial of the DNS Security Extension (DNSSEC), which ICANN approved for use in the US last year.

It is designed to guarantee that DNS information returned in a query is valid, from the intended source and its integrity has not been compromised during transmission.

The secure protocol specifically protects against two types of attack known as “cache poisoning” and “man-in-the-middle attacks” that can be used to distribute malicious software and commit fraud by directing users to phony sites.

Back in December 2009, for example, the DNS settings for Twitter.com were hijacked, resulting in the redirection of around 80 percent of the service’s traffic to a site purporting to be under the control of the Iranian Cyber Army.