DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

Summary: A number of high-profile websites have redirected users after their DNS entries were altered by a Turkish hacker who attacked Korean websites last month.

A number of major sites have suffered as a result of a DNS hack, apparently carried out by the same Turkish hackers who took down a number of Korean websites last month.

Sites including vodafone.com, ups.com, popular technology website theregister.co.uk and a vast number of Korea-registered sites were either brought down or redirected to a page set up by the hackers themselves. While seven major sites were hit today, it is believed that nearly 200 websites have been affected so far.

Even our ZDNet Korea site appeared to have been hit at one time, the list suggests.


While many of these websites restored service quickly, recovery is wholly dependent on the DNS system -- which can take up to 72 hours to propagate new settings. Some websites are still down, even as DNS entries are being set back to their original settings.

The full list of sites affected can be found here, courtesy of Zone-H.

Last month, the Turkish hacker group broke into several Korean websites, including those of Epson and HSBC, after domain registrar Gabia was hacked, exposing over 100,000 domains and an estimated 350,000 users.

The hacking group, using the pseudonym 'TG' or 'TurkGuvenligi', boasted of the original hack in an email to ZDNet. It appears that the same hacker hit again, after the hackers claimed responsibility for the previous hack in an interview with the Guardian.

DNS hacks enable hackers to redirect users to any site they wish. These kinds of hacks are not typically easy, but rely on weaknesses in domain registrars -- through the usual means of password breaking or vulnerability spotting -- to access the settings pages to cause disruption.

Like the Gabia hack last month, the more difficult hack seems to reap the larger reward -- by giving access to the domain records of hundreds, if not thousands of websites.

But because of the way the DNS (domain name system) works, not all users will be affected, as Sophos points out.
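A constructed simulation of the resolver caching behind this point, added here as an example and not taken from the article or from Sophos; the addresses, TTLs and timings are assumptions. It shows why users behind a resolver that cached the record before the change never see the redirect, while others keep seeing it after the entry is restored.

```python
"""Constructed simulation: a registrar-level DNS change reaches users unevenly."""

LEGIT, ROGUE = "192.0.2.10", "203.0.113.66"  # constructed documentation addresses
DAY = 86400                                  # assumed TTL of 24 hours, in seconds

# Authoritative history of one name as (start_time, address, ttl):
# original record, altered at +1h, restored at +5h (all assumed timings).
TIMELINE = [(0, LEGIT, DAY), (3600, ROGUE, DAY), (18000, LEGIT, DAY)]


def authoritative_answer(timeline, now):
    """Return (address, ttl) of the record in force at time `now`."""
    _, address, ttl = max((p for p in timeline if p[0] <= now), key=lambda p: p[0])
    return address, ttl


class Resolver:
    """Recursive resolver that reuses a cached answer until its TTL expires."""

    def __init__(self, timeline):
        self.timeline, self.cached, self.expires = timeline, None, -1

    def lookup(self, now):
        if self.cached is None or now >= self.expires:
            self.cached, ttl = authoritative_answer(self.timeline, now)
            self.expires = now + ttl
        return self.cached


def simulate(timeline, first_query_times, check_times):
    """Prime each resolver at its first query, then sample it at later times."""
    results = {}
    for name, first in first_query_times.items():
        resolver = Resolver(timeline)
        resolver.lookup(first)                 # this answer is what gets cached
        results[name] = [resolver.lookup(t) for t in check_times]
    return results


def demo():
    # resolver_a cached the record before the change; resolver_b during it.
    firsts = {"resolver_a": 0, "resolver_b": 4000}
    # Sample during the change (+2h), after the restore (+6h), and at +26h.
    return simulate(TIMELINE, firsts, [7200, 21600, 93600])


if __name__ == "__main__":
    for name, answers in demo().items():
        print(name, answers)
```

For a site owner, the same effect means a restored record should be verified from several resolvers, because a single correct answer says nothing about what other caches still hold.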


Talkback

12 comments
  • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

    I think ZDnet UK misunderstood the list of Zone-H, only 7 websites were affected by today's attack, the other 190 in the list are older attacks.
    kevinff
    • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

      @kevinff You're right. It's 200 "so far". You're right in saying that only 7 were affected tonight.
      zwhittaker
      • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

        @zwhittaker But in the case of the MS Brazil site (written in the title), this was a different method (some admin page found by the attacker).. And for other sites in the list there were other methods;
        I think this article is fine but the Zdnet UK one makes you believe 200 were attacked today :)
        kevinff
    • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

      @kevinff

      They probably knew, but by putting Microsoft in the title they have probably brought 1000's of 'haters' to the site.
      daniejam10
  • Message has been deleted.

    macevedo1978
  • What do "Guvenligi" and "Gel Babana" mean?

    For the linguistically curious, according to Google Translate:
    "guvenligi" translates from Turkish to English as "security is."
    "guven" translates as "trust"
    "ligi" translates as "league"
    "gel babana" translates as "come to your father"
    zachman
    • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

      @zachman The sum total of it translates to "gibberish".
      thetwonkey
  • Turkish hack techjoynt.org.. why now? could have waited a few more decades.

    Turkish hack techjoynt.org.. why now? could have waited a few more decades before we are high profile..

    Just spent the entire long weekend putting content up for this site. Definitely, not a high profile website that I know of this to be... actually not even in business yet... ha haa It was crawling to get on its feet suffered another blow and fell back on the ground :)
    ray@...
  • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

    I just got a $829.99 iPad2 for only $103.37 and my mom got a $1499.99 HDTV for only $251.92, they are both coming with USPS tomorrow. I would be an idiot to ever pay full retail prices at places like Walmart or Bestbuy. I sold a 37" HDTV to my boss for $600 that I only paid $78.24 for. I use C o o l C e n t. c o m
    chrizz123
    • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

      @chrizz123 Spam much? Beat it!
      thetwonkey
  • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

    I had some attacks before on a few domains, the one lesson I always learned was to just back up everything.
    Thanks
    marco5811
  • RE: DNS hack hits 200 major websites: Vodafone, UPS, Acer, Microsoft sites affected

    Nothing is impossible, especially if sloppy programming caused the vulnerability which enabled an SQL injection attack. If we look at the bigger picture, this type of hacking tool is just another form of malware. We offer that Ether2 will enable a path to ensemble computing, where according to Intel research, we will have a higher sensitivity to malware, stronger neighborhood trust models leading to self configuration, and the ability for servers to collaborate in order to defend the network. Secondarily, if it was a DoS attack designed to take the server down by overflowing the buffer, then the fact that nodes can share compute power (basically giving any LAN supercomputing cluster capabilities) would allow load balancing between servers at the edge of the network so the attack couldn't take hold, and the offending IP addresses could be red flagged, ports blocked, etc. The question about how they got in must be answered. If they sneaked by the session border controller in an encrypted media packet for say a VoIP of video flow, we'll be running a proprietary watermarking technique to render the executable code inoperable. Then there is the issue of deep packet inspection getting overloaded at the gateway, and Ether2 is 100% distributed so the DPI load would also be running in distributed network chips, as opposed to gateway flooding. In short, we take a more global view on the security issues in networks, and when the network architecture resembles cable TV, it will be a paradigm shift for security.
    JonathanGael