Hackers hijacked the DNS records of a series of well known websites yesterday evening, including The Telegraph, The Register and Acer.
Visitors to the affected sites were redirected to a message from a Turkish hacking group that read: “We TurkGuvenligi declare this day as World Hackers Day.” The websites of Vodafone, Betfair, UPS and National Geographic were also hit in the same attack.
The hackers responsible told The Guardian in an email interview that they were expert in exploiting web vulnerabilities and did so for entertainment.
He wrote: “The Register‘s website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services – in other words, anything that requires a password – as a precaution.”
Zone-h reports that the affected sites all share the same registrar, NetNames, saying: “It appears that the turkish [sic] attackers managed to hack into the DNS panel of NetNames using a SQL injection and modify the configuration of arbitrary sites.”
Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog that it may take several hours for the corrected DNS information to propagate worldwide and warned users against logging onto affected websites.
“If you’re in the habit of visiting and logging into the affected sites, you might be wise to clear your cookies so the hackers aren’t able to steal any information from you,” he wrote.
The DNS system acts as the Internet’s phone book, converting domain names such as eweekeurope.co.uk into machine readable numbers – the actual IP address. Its security is critical to the functioning of the internet.
In July, Nominet, the registry for.uk domain names began offering a free-trial of the DNS Security Extension (DNSSEC), which ICANN approved for use in the US last year.
It is designed to guarantee that DNS information returned in a query is valid, from the intended source and its integrity has not been compromised during transmission.
The secure protocol specifically protects against two types of attack known as “cache poisoning” and “man-in-the-middle attacks” that can be used to distribute malicious software and commit fraud by directing users to phony sites.
Back in December 2009, for example, the DNS settings for Twitter.com were hijacked, resulting in the redirection of around 80 percent of the service’s traffic to a site purporting to be under the control of the Iranian Cyber Army.
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…