Turkish hackers strike websites with DNS hack

Websites belonging to major companies were redirected to a defacement page via DNS record tampering

A Turkish hacking group managed to tamper with Internet addressing records over the weekend, redirecting dozens of websites belonging to companies including Microsoft, UPS and Vodafone to a different web pages controlled by the hackers.

According to Zone-H, a website that tracks defacements, 186 websites were redirected to a page controlled by "Turkguvenligi." A message on the redirect page read: "4 Sept. We Turkguvenligi declare this day as World Hack­ers Day - Have fun ;) h4ck y0u."

All of the websites were registered through NetNames, which is part of NBT group. NetNames provides DNS (Domain Name System) services for the websites, which is the system used to translates a domain name into an IP address that can be called into a web browser.

Turkguvenligi managed to hack NetName's DNS servers through a SQL injection attack, which involves putting commands into a web-based form to see if the back-end database responds. If those commands aren't scanned for malicious code, an attacker could gain access to the system.

In the case of NetNames, Turkguvenligi put a redelegation order into the company's system and changed the address of the master DNS servers that served data for the websites, according to a statement from NetNames. The attack occurred around 9 p.m. BST on Sunday.

"The rogue name server then served incorrect DNS data to redirect legitimate web traffic intended for customer web sites through to a hacker holding page branded Turkguvenligi," the statement read. "The illegal changes were reversed quickly to bring service back to the customers impacted and the accounts concerned have been disabled to block any further access to the systems."

The hack accomplished by Turkguvenligi is a powerful one. Although it appears the goal of the group was just to vandalize the sites for a while, the group could have set up lookalike sites for the real ones, tricking users into thinking they were on the legitimate site and possibly stealing logins and passwords.

Two of HSBC's banking sites -- one with a country-code Top Level Domain in South Korea and one in Canada -- were targeted, according to the list compiled by Zone-H.

Other websites affected were those belonging to The Telegraph newspaper, The Register technology news site, Coca-Cola, Interpol, Adobe, Dell, several Microsoft country sites, Peugeot, Harvard University and the security companies F-Secure, BitDefender and Secunia. The website for Gary McKinnon, the so-called NASA hacker who is appealing extradition to the U.S. on hacking charges, was also hit.

The Register wrote that its website was not breached and that service was restored about three hours after the attack.

"As far as we can tell there was no attempt to penetrate our systems," wrote Drew Cullen . "But we shut down access/services - in other words, anything that requires a password - as a precaution."

DNSSEC, a security measure now being deployed by many registrars to guard against DNS tampering may not have prevented this kind of attack, said Paul Mutton , a security analyst with Netcraft.

DNSSEC uses public key cryptography to digitally "sign" the DNS records for websites. It is designed to stop attacks such as cache poisoning, where a DNS server is hacked, making it possible for a user to type in the correct website name but be directed to a fake website.

"If the attacker was able to change the DNS settings held by the domain registrar, presumably they could also have changed other settings, such as disabling DNSSEC, or rather, simply change the DNS settings to point to nameservers that do not support DNSSEC."

NetNames described the attacks against its systems as being "sustained and concentrated." "We will continue to review our systems to ensure that we provide our customers a solid, robust and above all secure service," it said.

Send news tips and comments to jeremy_kirk@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags intrusionsecuritydata breachdata protectionNetNames UK

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?