Posts tagged: Domain Hijack

Jan 25 2012

Attackers Using DNS Poisoning to Hijack Domains, Divert Traffic

Several “activist hackers” appear to be using DNS poisoning and other attacks against the Domain Name System to divert users away from legitimate sites.

Instead of just launching distributed denial-of-service attacks, cyber-attackers have started hijacking domain names and redirecting traffic from legitimate sites to malicious ones.

The hacker group Anonymous recently managed to hijack the Domain Name System record for CBS.com and redirected all traffic to another Web server that displayed an empty directory structure. It appeared as if the contents of CBS.com had been wiped, but it was actually a different server altogether. CBS.com managed to regain control of its domain after the DNS poisoning attack.

A group of attackers called UGNazi, which may or may not have Anonymous sympathies, was behind a similar attack on the Website of the Ultimate Fighting Championship over the weekend. The UFC had supported the controversial Stop Online Piracy Act and Protect IP Act bills, which are now temporarily shelved in Congress. The same group hijacked two domains belonging to luxury handbag and leather goods retailer Coach and diverted the traffic.

“We aren’t done…not even close,” the attackers wrote on their Website. A short list of “targets” on the site explained the attacks were a result of the organizations’ support of SOPA.

Both Coach and UFC registered their domains through Network Solutions. It was evident the attackers had accessed Network Solutions’ domain management accounts. While it was unclear how they had done so, the cause is usually weak or compromised user passwords or a vulnerability in the registrar’s Website.

SOPA-related attacks continued this week and don’t appear to be abating. Anonymous attacked OnGuardOnline, a government-managed Website devoted to keeping users secure online. Some Anonymous members said the OnGuardOnline attack was in retaliation for SOPA and PIPA, as well as the proposed international agreement on combating online piracy, according to a message posted Jan. 23 on text-sharing site Pastebin.

“If SOPA/PIPA/ACTA passes we will wage a relentless war against the corporate Internet, destroying dozens upon dozens of government and company Websites,” the message read.

Feb 26 2010

How hackers took down Baidu

China’s leading search engine claims a shocking lack of security nous at its chosen domain name registrar was responsible for a prolonged outage last month.

China’s Baidu says in legal papers that an obvious scammer was able to con Register.com support staff into handing over the keys to its kingdom, resulting in millions of dollars of lost revenue.

Baidu, which commands 70 percent of the Chinese search market, was offline for at least four hours on the 12th of January. During the incident, its baidu.com home page instead showed the message “This site has been hacked by the Iranian Cyber Army”.

In its lawsuit, the company claims a Register.com support rep allowed the hacker to reset the administrative email address for the domain to ‘antiwahabi2008@gmail.com’, despite the imposter providing obviously incorrect security codes during an online chat.

The hacker then allegedly used Register’s automated password reminder function to change Baidu’s account password, giving him access to the domain’s name servers. The whole rudimentary scam took less than 45 minutes, Baidu claims.

Baidu is suing for negligence and breach of contract, among other things. Register.com denies the charges. The case is being heard in New York.

Source: THINQ.co.uk