Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Use DNS Attack to Deface Google, Apple, and eBay in Pakistan

On Saturday, hundreds of Pakistani portals and Web sites for some major organizations were by all appearance compromised, and defaced. However, as it turns out, a group of hackers used DNS redirection in order to perform the stunt, which allowed the domains time to recover – but not before the damage was done.

On Saturday, hundreds of Pakistani portals and Web sites for some major organizations were by all appearance compromised, and defaced. However, as it turns out, a group of hackers used DNS redirection in order to perform the stunt, which allowed the domains time to recover – but not before the damage was done.

.PK Domains Hacked Via DNSAccording to mirror records on Zone-H; Pakistani URLs maintained by Sony, Microsoft, Yahoo, PayPal, Fanta, Coke, Apple, HP, and Google all had their DNS poisoned and redistricted to websites with tags from a known Turkish hacking group. The DNS attack was enabled by a vulnerability in the registration scripts used by PKNIC. Some reports indicate that more than 300 domains were affected as a result of the attack.

PKNIC is responsible for the administration of all .PK domain names, including the operation of the DNS for the Root-Servers for .PK itself.

According to reports, PKNIC was warned about the vulnerabilities earlier this month, but dismissed the warnings as a joke or unreliable. In response, the hackers proved their point by targeting some of the largest domains held by them.

As Ram Mohan notes in a SecurityWeek column, “Attackers know that if they can control or impair their target’s DNS, they achieve absolute leverage over their victim.” This is exactly what appears to be the case regarding the affected .pk domains this weekend.

“Why we have wasted our time to hack Pakistani Sites? Just because let us convey our message. We warned you and we were willing to fix your vulnerability but you think we are jokers and you guys took it as a joke? Yes it’s time to bang you guys!!” a translation of a hacked domain reads.

Interestingly enough, it would seem that PKNIC should have known something was wrong, when several Israeli domains had their DNS settings poisoned by supporters of OpIsrael, using the same vulnerability.

Advertisement. Scroll to continue reading.

As to the vulnerability itself, PKNIC hasn’t issued any statements, but the current speculation is that they were open to SQL Injection and Cross-Site Scripting (XSS). The SQL Injection / XSS rumor grew early Monday morning, when alleged proof from one of the hacker’s involved in this weekend’s incident sent proof to security blog eHacking News.

“The hackers have claimed to have discovered a Boolean-based blind SQL injection, persistent cross site scripting, sensitive directory disclosure vulnerabilities in the official website of PKNIC,” the blog explained.

As of Monday morning, all of the targeted websites had recovered.

Related Reading: Five DNS Threats You Should Protect Against

Related Reading: The Top Five Worst DNS Security Incidents

Related Reading: The Implementation Challenges for DNSSEC

Related Reading: Four Ways to Prepare Your Enterprise for DNSSEC

Related Reading: Five Strategies for DNSSEC Key Management and Rollover

Related Reading: The Missing Ingredients for DNSSEC Success

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.