Google And Apple Sites Downed In Massive Pakistani DNS Hack

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Tech giants amongst hundreds affected by DNS-level attack

Hackers in Pakistan have reportedly hacked the organisation managing domain name servers to redirect users to their own site, disrupting access to major services such as Gmail and eBay.

Rather than serving malware to users, the hackers said they simply wanted to highlight weak security at PKNIC, which manages part of the Domain Name System (DNS) for a variety of the country’s top level domains, including and .pk.

Almost 300 sites were affected by the DNS hack in total, including Google, Yahoo, eBay, Apple, Microsoft, HP, HSBC and PayPal, reports claimed. When users tried to access those sites they were greeted with a page featuring two penguins walking across a bridge, with a message reading: “Pakistan Downed.”

Defacement DNS hack debacle

It’s unclear who was behind the DNS hack, as two separate groups have taken credit. One, called ‘eboz’, claimed the actual defacement, as listed on the Zone-H website (see image below).

But a trade site called Pro Pakistani said it had received information from a hacking group that did not appear to be directly affiliated with eboz and that claimed to have exposed a variety of flaws in the PKNIC system.

DNS can be hit in a variety of ways. Earlier today, TechWeekEurope reported that a number of sites hosted by Go Daddy had their DNS records changed, with certain subdomains created to point to malicious web pages.

This technique allows attackers to use “legitimate-looking URLs in their attacks, which can help to evade security filtering and trick users into thinking the content must be safe”, said security company Sophos.

Update: It emerged that the group Eboz was apparently Turkish, and appears to have hit on Pakistan.
