Turkish hackers redirect traffic from websites and compromise passwords in DNS attack

Turkish hackers have carried out domain name system attacks on around 200 websites, including The Register, The Daily Telegraph, BetFair, Vodafone and Acer, redirecting traffic to third-party websites.

Although the sites were not hacked directly, the attacks put users at risk of having passwords and other details stolen if they attempt to log into the fake third-party sites under the hackers' control.

E-mails sent to the sites while the hack was live would also be redirected to the site substituted by the hackers.

Attacks on the domain name system (DNS) - which routes users to websites - rely on weaknesses in domain registrars to access the settings pages on the domain server to cause disruption.

"Instead of breaching the website itself, the hackers have managed to change the DNS records for the various sites affected," said Graham Cluley, senior technology consultant as security firm Sophos.

Many of the websites restored connections on Sunday, but because of the way that DNS works, it may take some time for corrected DNS entries to propagate worldwide, he wrote in a blog post.

"If you're in the habit of visiting and logging into the affected sites, you might be wise to clear your cookies so the hackers aren't able to steal any information from you," Cluley wrote.

Some of the affected sites appeared to show a message in Turkish by a group called Turk Guvenligi, which last month carried out a similar attack on a Korean company.

The latest DNS attack by the group appears to have targeted Ascio.com, which registers domain names, and Netnames.co.uk, among others, according to the Guardian.

On a Twitter feed, the hacking group said that they did it for entertainment and told the paper via Twitter that the purpose was: "Millions of dollars, large systems, small weaknesses and what I could do. Just for fun."

nb : computerweekly