Hacktivists deface multiple Sri Lankan domains, including Google.lk

Authorities said they detected the attack a few hours after it started and blocked it on Saturday.
Written by Catalin Cimpanu, Contributor

A mysterious group of hacktivists has poisoned the DNS records of several Sri Lankans (.lk) websites on Saturday and redirected users to a web page detailing various social issues impacting the local population.

While most of the affected domains were websites for local businesses and news sites, two high-profile domains for Google.lk and Oracle.lk, were also impacted, readers told ZDNet on Saturday.

The following message was displayed on Google.lk for a few hours before authorities intervened. The message highlights issues with the local tea-growing industry, freedom of the press, the alleged corrupt political class and judicial system, and racial, minority, and religious issues.

Image: ZDNet

This attack took place on Saturday, February 6, just two days after Sri Lanka's official national independence day, on February 4, which explains the nationalistic message.

NIC.lk, the administrator of the country's national LK top-level domain space, confirmed the attack on Saturday in a message posted on its website.

"An issue with the .LK Domain Registration System arose early in the morning of Saturday, February 6th, which affected a few domains registered in .LK," the organization said. "This issue was attended to expeditiously, and the matter was resolved by approx. 8.30 a.m."

The Telecommunications Regulatory Commission of Sri Lanka also confirmed the incident in a tweet on its account.

Details about the attack and the number of impacted domains have not been made public. A NIC.lk spokesperson did not respond to a request for comment sent by ZDNet on Sunday.

The attack didn't go unnoticed in Sri Lanka, and several users tweeted about it over the weekend, even if the incident was active for only a few hours.

This is the second cyber-security-related incident that impacts the NIC.lk organization. In 2013, hackers used an SQL injection attack to breach its database and steal data about .lk domain owners.

The worst IoT, smart home hacks of 2020 (so far)

Editorial standards