Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Use DNS Attack to Deface Google, Apple, and eBay in Pakistan

On Saturday, hundreds of Pakistani portals and Web sites for some major organizations were by all appearance compromised, and defaced. However, as it turns out, a group of hackers used DNS redirection in order to perform the stunt, which allowed the domains time to recover – but not before the damage was done.

On Saturday, hundreds of Pakistani portals and Web sites for some major organizations were by all appearance compromised, and defaced. However, as it turns out, a group of hackers used DNS redirection in order to perform the stunt, which allowed the domains time to recover – but not before the damage was done.

.PK Domains Hacked Via DNSAccording to mirror records on Zone-H; Pakistani URLs maintained by Sony, Microsoft, Yahoo, PayPal, Fanta, Coke, Apple, HP, and Google all had their DNS poisoned and redistricted to websites with tags from a known Turkish hacking group. The DNS attack was enabled by a vulnerability in the registration scripts used by PKNIC. Some reports indicate that more than 300 domains were affected as a result of the attack.

PKNIC is responsible for the administration of all .PK domain names, including the operation of the DNS for the Root-Servers for .PK itself.

According to reports, PKNIC was warned about the vulnerabilities earlier this month, but dismissed the warnings as a joke or unreliable. In response, the hackers proved their point by targeting some of the largest domains held by them.

As Ram Mohan notes in a SecurityWeek column, “Attackers know that if they can control or impair their target’s DNS, they achieve absolute leverage over their victim.” This is exactly what appears to be the case regarding the affected .pk domains this weekend.

“Why we have wasted our time to hack Pakistani Sites? Just because let us convey our message. We warned you and we were willing to fix your vulnerability but you think we are jokers and you guys took it as a joke? Yes it’s time to bang you guys!!” a translation of a hacked domain reads.

Interestingly enough, it would seem that PKNIC should have known something was wrong, when several Israeli domains had their DNS settings poisoned by supporters of OpIsrael, using the same vulnerability.

As to the vulnerability itself, PKNIC hasn’t issued any statements, but the current speculation is that they were open to SQL Injection and Cross-Site Scripting (XSS). The SQL Injection / XSS rumor grew early Monday morning, when alleged proof from one of the hacker’s involved in this weekend’s incident sent proof to security blog eHacking News.

“The hackers have claimed to have discovered a Boolean-based blind SQL injection, persistent cross site scripting, sensitive directory disclosure vulnerabilities in the official website of PKNIC,” the blog explained.

As of Monday morning, all of the targeted websites had recovered.

Related Reading: Five DNS Threats You Should Protect Against

Related Reading: The Top Five Worst DNS Security Incidents

Related Reading: The Implementation Challenges for DNSSEC

Related Reading: Four Ways to Prepare Your Enterprise for DNSSEC

Related Reading: Five Strategies for DNSSEC Key Management and Rollover

Related Reading: The Missing Ingredients for DNSSEC Success

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.