Hacker points Syrian telecom website to AT&T, T-Mobile

The prank also pointed email servers for the Syrian Telecommunication Establishment to Israel and Iran

The website of a Syrian telecommunications provider redirected to AT&T's website and then T-Mobile's on Wednesday, an apparent prank by a hacker who has been probing the country's internet infrastructure for several days.


The hacker apparently found a way to modify the authoritative DNS (Domain Name System) record for the Syrian Telecommunications Establishment (STE), said Doug Madory, senior analyst with Renesys, a company that monitors global Internet activity.

The style of hack is similar to one that affected The New York Times, Twitter, Sharethis and others on Tuesday when certain domain names they controlled were pointed to an IP address controlled by the Syrian Electronic Army (SEA), a group of pro-Syrian government cyberattackers.

DNS is a distributed database that translates domain names, such as twitter.com, into an IP address that can be called up in a browser.

The DNS server used by STE also runs several other Web services "which is quite unusual for high-profile DNS servers," said Andree Toonk, founder of the network monitoring company, BGPmon.net.

"It's not unlikely the attacker gained access to this machine exploiting one of these services," Toonk said.

The attack on STE also modified the organization's mail exchange (MX) records, which are used to route email messages.

At one point, STE's MX record pointed to a domain in Israel. The record was then changed to point to a mail server run by Iran's presidential office, Madory said. Then the hacker changed it once more to "oliver.tucket.boom."

On Wednesday, The Washington Post published an interview with a person going by the pseudonym "Oliver Tucket," who took credit for a series of attacks on the Syrian government's infrastructure.

The Post identified him as an American white-collar worker who has sought to embarrass President Bashar al-Assad's regime. A Twitter account, @olivertuckedout, showed several tweets on Sunday claiming attacks against Syria. The person running that Twitter account could not immediately be reached.

It's unlikely that the MX record tampering actually allowed the hacker to intercept emails, although that in theory is possible. Emails directed to another server that is not configured correctly to receive mail would be rejected, Madory said.

The MX record tampering is likely designed "more just to embarrass," Madory said.

Syria's government has waged a long-running, bloody campaign against rebels seeking to topple al-Assad's government. In protest of coverage of the conflict, the SEA has conducted a range of cyberattacks against the websites and Twitter accounts of media outlets such as the Financial Times, the Associated Press, The Guardian, BBC and Al Jazeera.

The SEA's attack on Tuesday compromised a reseller of domain name services affiliated with Australia-based Melbourne IT.

Through a spear phishing email, the group gained account credentials that allowed it to modify authoritative DNS records for many websites, redirecting people to a website in Russia that it controlled.
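As an added example (not part of the original article), this is a baseline check a domain owner could run over answers polled from its authoritative servers, flagging the two changes described above: an A record pointing somewhere new and an MX record moved to a host outside the organization's own domain. The domain `telecom.example`, the IP addresses and the poll labels are constructed placeholders; only `oliver.tucket.boom` is taken from the article.

```python
# Constructed baseline: the records the owner expects its authoritative servers to return.
BASELINE = {
    ("telecom.example", "A"): {"192.0.2.10"},
    ("telecom.example", "MX"): {"10 mail.telecom.example."},
}
# Constructed dig-style answer lines from three polls (t1..t3) of the authoritative server.
SNAPSHOTS = """\
t1 telecom.example. 300 IN A 192.0.2.10
t1 telecom.example. 300 IN MX 10 mail.telecom.example.
t2 telecom.example. 300 IN A 198.51.100.7
t2 telecom.example. 300 IN MX 10 mail.telecom.example.
t3 telecom.example. 300 IN A 198.51.100.7
t3 telecom.example. 300 IN MX 10 oliver.tucket.boom.
"""

def parse(text):
    """Group answer lines into {poll: {(name, rtype): set(rdata)}}."""
    polls = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[3] != "IN":
            continue  # skip blank or malformed lines
        poll, name, _ttl, _cls, rtype = parts[:5]
        rdata = " ".join(parts[5:]).lower()
        key = (name.rstrip(".").lower(), rtype.upper())
        polls.setdefault(poll, {}).setdefault(key, set()).add(rdata)
    return polls

def drift(baseline, observed, own_domain):
    """Return (name, rtype, status, seen) for every baselined record set that differs."""
    alerts = []
    for key, expected in sorted(baseline.items()):
        seen = observed.get(key, set())
        if seen == expected:
            continue
        name, rtype = key
        status = "changed" if seen else "missing"
        if rtype == "MX" and seen:
            hosts = [r.split()[-1].rstrip(".") for r in seen]
            if any(h != own_domain and not h.endswith("." + own_domain) for h in hosts):
                status = "mail-leaves-domain"  # mail would be routed to a third party
        alerts.append((name, rtype, status, sorted(seen)))
    return alerts

def scan():
    return {p: drift(BASELINE, obs, "telecom.example") for p, obs in parse(SNAPSHOTS).items()}

if __name__ == "__main__":
    print(scan())
```

Record types that are absent from the baseline are not examined, so the baseline should list every record set the owner wants watched.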

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Jeremy Kirk

IDG News Service