Hackers hijack DNS records of high profile New Zealand sites


Remember the DNS hijackings of high-profile sites such as Comcast, Photobucket, and the ICANN/IANA domains that took place last year? Similar incidents are still happening.

Today, a web site defacement group known as "The Peace Crew" hijacked the DNS records of high-profile New Zealand web sites through what Zone-H claims was a SQL injection at the New Zealand-based registrar Domainz.net, redirecting visitors to a defaced page featuring the infamous Bill Gates pieing photo as well as anti-war messages.

The mass defacement affected major Microsoft sites in New Zealand, including WindowsLive.co.nz, MSN.co.nz, Microsoft.co.nz, Hotmail.co.nz and Live.co.nz, as well as HSBC.co.nz, Sony.co.nz, Coca-Cola.co.nz, Xerox.co.nz, Fanta.co.nz, F-Secure.co.nz and BitDefender.co.nz.

Here's Microsoft's comment, according to NZHerald:

"MSN have responded by issuing a short statement from MSN business manager Liz Fraser this afternoon. 'The cause of this discrepancy has been identified and we are currently working with our Microsoft technology and security teams in the US to resolve the matter as quickly as possible today. We apologise for any inconvenience this may have caused,' the statement said."

Once control of the domain registrar's web panel was obtained, members of the Peace Crew set fatih1.turkguvenligi .info and fatih2.turkguvenligi .info as the primary DNS servers for the affected domains. Those servers delivered the defaced pages, making it look as if the sites themselves had been compromised.
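A defender-side check for the kind of change described above, as an added example rather than anything from the original article: it compares NS answers against a recorded baseline and flags a delegation that has been swapped wholesale. The domain names, the baseline and the answer text are constructed, and the function names are hypothetical.

```python
# Constructed sample: NS answers in the layout of dig's answer section.
OBSERVED = """\
shop.example.        3600 IN NS ns1.dns-host.example.
shop.example.        3600 IN NS NS2.dns-host.example.
brand.example.       300  IN NS ns1.unknown-host.example.
brand.example.       300  IN NS ns2.unknown-host.example.
"""

# Constructed baseline: the nameservers each domain is supposed to use.
BASELINE = {
    "shop.example": {"ns1.dns-host.example", "ns2.dns-host.example"},
    "brand.example": {"ns1.dns-host.example", "ns2.dns-host.example"},
}


def norm(name):
    """DNS names compare case-insensitively and without the root dot."""
    return name.strip().rstrip(".").lower()


def parse_ns(text):
    """Collect {domain: set(nameservers)} from 'name ttl IN NS target' lines."""
    seen = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            seen.setdefault(norm(f[0]), set()).add(norm(f[4]))
    return seen


def delegation_drift(text, baseline):
    """Return findings for every baseline domain whose NS set has changed."""
    seen = parse_ns(text)
    findings = {}
    for domain, expected in baseline.items():
        expected = {norm(n) for n in expected}
        got = seen.get(norm(domain), set())
        if got == expected:
            continue
        findings[domain] = {
            "unexpected": sorted(got - expected),
            "missing": sorted(expected - got),
            # No overlap at all: the whole delegation points somewhere new.
            "replaced": bool(got) and not (got & expected),
        }
    return findings


if __name__ == "__main__":
    print(delegation_drift(OBSERVED, BASELINE))
```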

The group is not new to the defacement scene. In fact, one of its members has kept himself busy this month, having already defaced thirteen web servers belonging to NASA using the same template.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

19 comments
  • Hackers hijack DNS records of high profile New Zealand sites

    This shows that linux users have no respect for others. When they target Microsoft like this it only makes them and their community look bad. And then they wonder why nobody uses their OS.
    Loverock Davidson
    • Actually, the hacked DNS server ran Linux

      "And then they wonder why nobody uses their OS."

      You are wrong, a very important site in this story was being used. The hosted sites weren't hacked, it was the DNS server that was hacked. 3 guesses as to which OS was being used by domainz.net.nz, the site that was hacked? :)
      NonZealot
      • Then it's really bad

        when linux is turning on its own people and self destructing. They do far more damage to themselves than anyone else ever could.
        Loverock Davidson
      • I don't think so

        AFAICT the hacked servers were running IIS/ASP
        (old-style ASP; not ASP.NET).

        These were SQL injection attacks. IIS/Apache
        does not have SQL and are immune to this. This
        was an application level attack and the bad
        coders were the app developer, not Apache,
        Zend, Microsoft or Torvalds.

        PHP and to some extent ASP.classic are
        notorious for luring incompetent web developers
        down the path to SQL injection vulnerabilities.
        PHP's variable interpolation and "addslashes"
        and magic quotes are infamous for this. ASP
        didn't have that (I use past tense as it went
        out of fashion in 2001/2), but it does make it
        a lot of pain to code db queries the "correct"
        way - i.e. with proper parameterized
        statements.
        honeymonster
        • You got it. Parameterized queries stop SQL injection

          PHP. Ughhh. I can't tell you how often I see hacks probing for php apps using remote db calls.

          If I see them in the log more than once, they get added to a badips list which is put into iptables for drop.

          Buh bye.

          I run openSUSE Linux, AppArmor, Apache, MySQL and Perl and haven't had one hack get through ever.

          --Dietrich
          Twitter @dtschmitz
          no_zd_user_name
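The point made in the two comments above, shown as an added example that is not part of the original thread or any participant's code: a string-built UPDATE next to its parameterized form. The `domains` table, its columns and the function names are hypothetical stand-ins for a registrar control panel, not Domainz's actual schema, and all values are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample data: two domains owned by two different customers."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE domains (name TEXT PRIMARY KEY, owner TEXT, ns1 TEXT);
        INSERT INTO domains VALUES ('alpha.example', 'alice', 'ns1.alpha.example');
        INSERT INTO domains VALUES ('bravo.example', 'bob', 'ns1.bravo.example');
    """)
    return db


def set_ns_concat(db, owner, domain, new_ns):
    """Vulnerable 'before': user input is pasted into the SQL text."""
    sql = ("UPDATE domains SET ns1 = '" + new_ns + "' "
           "WHERE name = '" + domain + "' AND owner = '" + owner + "'")
    return db.execute(sql).rowcount


def set_ns_param(db, owner, domain, new_ns):
    """Hardened 'after': values are bound and never parsed as SQL."""
    cur = db.execute(
        "UPDATE domains SET ns1 = ? WHERE name = ? AND owner = ?",
        (new_ns, domain, owner))
    return cur.rowcount


def nameservers(db):
    """Current {domain: ns1} mapping, for comparing the two outcomes."""
    return dict(db.execute("SELECT name, ns1 FROM domains ORDER BY name"))


# Constructed input: closes the quoted string and comments out the owner check.
CRAFTED = "x' OR 'a'='a' --"


def demo():
    """Run the same request against both versions and report what changed."""
    before, after = make_db(), make_db()
    hit_before = set_ns_concat(before, "alice", CRAFTED, "ns.rogue.example")
    hit_after = set_ns_param(after, "alice", CRAFTED, "ns.rogue.example")
    return hit_before, nameservers(before), hit_after, nameservers(after)


if __name__ == "__main__":
    print(demo())
```

With the string-built query every customer's nameserver is rewritten; with bound parameters the same input is just a domain name that matches no row.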
      • Hacking the control panel is the same as hacking the OS???

        They got access to the domain company's control panel, which is a web application; it has nothing to do with the OS itself. The Linux, Windows or whatever only changed its DNS records because it is supposed to listen to the control panel commands; it is not the OS's fault.
        Caudiox
      • NOT the DNS server itself... but

        the cPanel for the Webhost, or name registrar, through sql injection somehow.
        pcguy777
    • Missing it

      I read the article three times. Where does it say it was linux users who hacked the server?
      Lunatic59
      • It doesn't say

        It doesn't say that they were Linux users. They probably deduced that fact because Microsoft was a part of the target. The two groups of people that hate Microsoft the most are Mac Zealots and Linux Zealots... Mac Zealots couldn't hack their way out of a wet paper bag.
        mikefarinha
        • By any chance ...

          "Mac Zealots couldn't hack their way out of a wet paper bag."

          ... would that be the iBag?
          Lunatic59
        • You owe me a screen cleaner

          "Mac Zealots couldn't hack their way out of a
          wet paper bag."

          I just sprayed my screen with coke, you cruel
          being! You did that on purpose.
          honeymonster
          • dooood he laughed so hard he iBagged it broh.

            LOLO
            pcguy777
        • MacHacker 1.0

          "Mac Zealots couldn't hack their way out of a wet paper bag"

          I resemble that remark. I am a little bit rusty, and obviously from an old
          school, but back in the day, I only hacked away at testbeds. I am a
          zealot for the Mac, but the only reason I am one is: reliability varies
          indirectly with applied care and feeding.

          Which is to say, I put nearly nothing into the maintenance of these Macs I
          own, and they do seem to be getting more reliable.
          gjsherr
      • Yes, you did miss it

        Re-read NonZealot's post three times. You will see it claims/infers that the server was running Linux - not the hackers.
        skiddo24
    • Another FUD message from your friendly neighbourhood CMIC.

      Rockhead...Your record is perfect so far....zero, Zero, ZERO!
      linux for me
    • One doesn't mean all.

      A few rogue linux users don't mean the entire community is the same. If a few male humans in the world are child molesters then do you consider all human males in the world child molesters?
      Please consider these morons are only a few people that take advantage of the system.
      phatkat
    • Wow...

      ...that comment was so clueless that you even have me believing you are an actual MS fanboi idiot rather than someone trolling for chuckles...
      DCMann
  • RE: Hackers hijack DNS records of high profile New Zealand sites

    While successful, this attack has nothing to do with failures in the DNS system itself, but rather with the construction of the web application used by the .co.nz registry operator (if in fact a SQL injection attack was used). Unfortunately, this could also happen to any web site if improper software development techniques are used, or someone introduces a bug.

    As the value of domain names goes up, we can all expect these types of attacks (and many others) to grow in number of occurrences. You can protect your own domain by ensuring it is registered through a reputable registrar, in a "locked" status, and by using a high quality DNS host, and if possible, use DNSSEC to /help/ secure your domain.
    tomdyninc
  • RE: Hackers hijack DNS records of high profile New Zealand sites

    Great!!! thanks for sharing this information to us!
    birumut