Top level domain names hijacked

Serbian crackers redirect traffic to a political page

The domain names of high-profile companies like Adidas and Manchester United were hijacked this week by a group of Serbian crackers intent on redirecting traffic to a page containing a political message about the war in Kosovo.

The registration details and DNS (Domain Name System) entries of a large number of companies with .com domains registered by Network Solutions were altered on Sunday.

Network Solutions has confirmed the incident but denies reports stating that up to 2000 Web sites were affected. "Considerably fewer than those numbers of domain names already cited in some news accounts were subject to attack this week," says a spokeswoman. She refuses to disclose the actual figures.

According to Network Solutions, the domain names that were compromised belonged to sites using the lowest level of security it offers. At that level, a single email from that domain was enough to verify a change of registration details and DNS server. For higher levels of security, administrators need to send an encrypted request and will then receive a confirmation code via email, to which they must reply.

Parties apparently hailing from Serbia managed to spoof email addresses from a number of such sites in order to request these changes from Network Solutions.

The DNS servers for these sites were transferred to another provider and then each individual entry was redirected to a page proclaiming, "KOSOVO IS SERBIA," and "Be happy if we hacked your site because we hack ONLY the best sites on the Internet!"

The Network Solutions spokeswoman claims the company has taken the steps necessary to sort out the problem. "As soon as we became aware of the situation, we quickly addressed it and took steps to prevent further unauthorised changes. To the best of my knowledge, we have detected the unauthorised modifications and corrected the discrepancies," she says.

Other security experts are less forgiving of the security precautions put in place by these Web sites. Paul Cronin, head of penetration testing at CenturyCom, comments, "This latest hacking episode appears to be more a case of sloppy security procedures than poor technology."

Although many sites have now been returned to normal, Alex Jeffreys, technical director of UK Internet company Web DNS Limited, points out that some administrators have not been alerted to the problem. "The onus is on whoever owns the domain," he says.
