Google and Microsoft fall victim to Pakistani hack

Summary:The attack, which saw 285 sites defaced, appears to have involved the alteration of their DNS entries. A Pakistani hacker group has reportedly claimed that the servers of .pk registrar PKNIC provided the necessary vulnerabilities.

The Pakistani websites of Google, Microsoft and hundreds of others have fallen victim to a hack attack that led to their defacement.

The attack became apparent on Saturday, according to the ProPakistani IT blog, which explained that someone had changed the DNS entries for 285 .pk domains that had been managed by the Thomson-Reuters subsidiary MarkMonitor, effectively redirecting visitors to those sites to the hacker's own domain.

Rather than taking people to their web searches or gift-buying expeditions, the sites were displaying a photograph of penguins, the words "Pakistan Downed" in English, and an obscure message in Turkish. The hacker identified him or herself as 'eboz'.

On Monday, ProPakistani reported having received an email from a Pakistani hacker group that detailed serious vulnerabilities at the .pk registrar, PKNIC, and said these flaws were the "only reason" for the attack's success on Saturday.

According to that report, PKNIC's servers are vulnerable to Boolean-based and time-based blind SQL injection, cross-site scripting and 'sensitive directory disclosure'.

At the time of writing, Microsoft and Google's Pakistani sites were back up and running.

ZDNet has approached both PKNIC and MarkMonitor for comment, but had received none at the time of writing.

Topics: Security, Google, Microsoft

About

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't be paying many bills. His early journalistic career was spent in general news, working behind the scenes for BBC radio and on-air as a newsreader for independent stations. David's main focus is on communications, of both... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.