Hackers hijacked the DNS records of a series of well known websites yesterday evening, including The Telegraph, The Register and Acer.
Visitors to the affected sites were redirected to a message from a Turkish hacking group that read: “We TurkGuvenligi declare this day as World Hackers Day.” The websites of Vodafone, Betfair, UPS and National Geographic were also hit in the same attack.
The hackers responsible told The Guardian in an email interview that they were expert in exploiting web vulnerabilities and did so for entertainment.
He wrote: “The Register‘s website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services – in other words, anything that requires a password – as a precaution.”
Zone-h reports that the affected sites all share the same registrar, NetNames, saying: “It appears that the turkish [sic] attackers managed to hack into the DNS panel of NetNames using a SQL injection and modify the configuration of arbitrary sites.”
Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog that it may take several hours for the corrected DNS information to propagate worldwide and warned users against logging onto affected websites.
“If you’re in the habit of visiting and logging into the affected sites, you might be wise to clear your cookies so the hackers aren’t able to steal any information from you,” he wrote.
The DNS system acts as the Internet’s phone book, converting domain names such as eweekeurope.co.uk into machine readable numbers – the actual IP address. Its security is critical to the functioning of the internet.
In July, Nominet, the registry for.uk domain names began offering a free-trial of the DNS Security Extension (DNSSEC), which ICANN approved for use in the US last year.
It is designed to guarantee that DNS information returned in a query is valid, from the intended source and its integrity has not been compromised during transmission.
The secure protocol specifically protects against two types of attack known as “cache poisoning” and “man-in-the-middle attacks” that can be used to distribute malicious software and commit fraud by directing users to phony sites.
Back in December 2009, for example, the DNS settings for Twitter.com were hijacked, resulting in the redirection of around 80 percent of the service’s traffic to a site purporting to be under the control of the Iranian Cyber Army.
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
US Supreme Court says it will hear appeal of TikTok and parent ByteDance against ban…
Japanese start-up Space One destroys Kairos rocket for second time shortly after launch, as country…
World's biggest EV battery maker CATL aims to build 1,000 battery-swap stations next year, rising…
Facebook has 'severely restricted' news content from Palestinian outlets since October 2023 amidst bias concerns,…
Amazon faces strike actions at facilities across US days before Christmas as union members authorise…