A number of major sites have suffered as a result of a DNS hack, from what appears to be the same Turkish hackers who took down a number of Korean websites last month.
Sites including vodafone.com, ups.com, popular technology website theregister.co.uk and a vast number of Korea registered sites, were either brought down or redirected to a page set up by the hackers themselves. While seven major sites were hit today, it is believed that nearly 200 websites have been affected, so far.
Even our ZDNet Korea site appeared to have been hit at one time, the list suggests.
(Image via Twitter)
While many of these websites restored service quickly, it is wholly dependent on the DNS system — which can take up to 72 hours to propagate new settings. Some websites are still down, after DNS entries are being set to their original setting.
The full list of sites affected can be found here, courtesy by Zone-H.
Last month, the Turkish hacker group broke into several Korean websites, including those of Epson and HSBC, after domain registrar Gabia was hacked, exposing over 100,000 domains and an estimated 350,000 users.
The hacking group, using the pseudonym ‘TG’ or ‘TurkGuvenligi’, boasted of the original hack in an email to ZDNet. It appears that the same hacker hit again, after the hackers claimed responsibility for the previous hack an interview with the Guardian.
DNS hacks enable hackers to redirect users to any site they wish. These kind of hacks are not typically easy, but rely on weaknesses in domain registrars — through the usual means of password breaking or vulnerability spotting — to access the settings pages to cause disruption.
Like the Gabia hack last month, the more difficult hack seems to reap the larger reward — by giving access to the domain records of hundreds, if not thousands of websites.
But because of the way the DNS (domain name system) works, not all users will be affected, as Sophos points out.
Related content:
