[+] Wayc0de's Blog[+]


Turkish hacker group diverts users away from high-profile websites

Sites affected included the Telegraph and Betfair, as unwary users put at risk of having passwords and other details stolen

Daily Telegraph website after hack
The Daily Telegraph website after hackers had attacked their server.
A Turkish hacker group diverted traffic to a number of high-profile websites including the Telegraph, UPS, Betfair, Vodafone, National Geographic, computer-maker Acer and technology news site the Register on Sunday night, putting unwary users at risk of having passwords, emails and other details stolen.

Industry experts warned people not to log on to sites such as Betfair because their details could be stolen.
Some people viewing the sites thought that they had been hacked directly, with the sites appearing to show a message in Turkish by a group called Turk Guvenligi, which last month carried out a similar attack on a Korean company.

But in fact the sites themselves remained unaffected. The group had instead attacked the domain name system (DNS), which is used to route users to websites. A list of the sites affected by the hack, including Microsoft in Brazil and Dell in South Korea, was posted on the zone-h website, used by hackers to list their successes.

When a user types an address, such as telegraph.co.uk, the request is first sent to a DNS server which translates the human-readable address into a computer-readable one known as a "dotted quad".In the case of the Telegraph, it would be – controlled by Akamai, which spreads its content around the world.

But the hackers changed the details recorded for the affected sites by hacking into the database for the DNS at the "domain name registrar" company which registered the site.

DNS servers rely on each other to record and pass on updated details about the addresses of sites.
Once the DNS records for a site is hacked at its registrar, the DNS servers around the world will start to copy and pass them on – meaning that more and more people will begin seeing the site as "hacked", although the site itself is still functioning.

However, it can only be reached by typing in the original dotted quad address directly into a browser and that will remain the case until the registrar database is repaired; and it could take up to two days to replace the faked records.

The DNS hack means that the hackers could direct users to any web page that they wanted.

The Guardian's investigations suggest that they were being redirected to a single page owned by a customer of a US company, Blue Mile Networks. Contacted by the Guardian, Blue Mile Networks said it was investigating the situation.

The hack seems to have been carried out early on Sunday evening. The hackerssaid the targeted Ascio.com, which registers domain names, and Netnames.co.uk, among others.

On a Twitter feed, the hacking group said that they did it for "entertainment" and told the Guardian via Twitter that the purpose was: "Millions of dollars, large systems, small weaknesses and what I could do. Just for fun."

Tidak ada komentar:

Posting Komentar