Sunday, September 4, 2011

Turkish hacker group diverts users away from high-profile websites


Sites affected included the Telegraph and Betfair, as unwary users put at risk of having passwords and other details stolen

A Turkish hacker group diverted traffic to a number of high-profile websites including the Telegraph, UPS, Betfair, Vodafone, National Geographic, computer-maker Acer and technology news site the Register on Sunday night, putting unwary users at risk of having passwords, emails and other details stolen.

Industry experts warned people not to log into sites such as Betfair because their details could be stolen.

Some people viewing the sites thought that they had been hacked directly, with the sites appearing to show a message in Turkish by a group called Turkguvenligi, who last month carried out a similar attack on a Korean company.

But in fact the sites themselves remained unaffected. The group had instead attacked the domain name system (DNS), which is used to route users to websites. A list of sites affected by the hack, including Microsoft in Brazil and Dell in South Korea, was posted on the zone-h website, used by hackers to list their successes.

When a user types an address, such as "telegraph.co.uk", the request is first sent to a DNS server which translates the human-readable address into a computer-readable one known as a "dotted quad".

In the case of the Telegraph, it would be 213.155.154.113 – controlled by Akamai, which spreads its content around the world.

But the hackers changed the details recorded for the affected sites by breaking into the DNS database at the "domain name registrar", the company through which each site's domain name was registered.

DNS servers rely on each other to record and pass on updated details about the addresses of sites. Once the DNS records for a site are altered at its registrar, DNS servers around the world begin to copy and pass on the false records, meaning that more and more people see the site as "hacked", although the site itself is still functioning. The real site can then only be reached by typing the original dotted quad address directly into a browser, and that will remain the case until the registrar database is repaired; it could take up to two days for the faked records to be replaced.

The DNS hack means that the hackers could direct users to any web page that they wanted.
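The propagation described above is what a site operator can watch for. The following Python script is an added example and not part of the Guardian article: it compares the A and NS records that several resolvers return for a domain against a known-good baseline and reports any that diverge. The Telegraph address is the one quoted in the article; the nameserver names, the resolver labels and the "resolver-b" answers are constructed for the example.

```python
"""Check DNS answers from several resolvers against a known-good baseline.
A registrar-level hijack changes the NS delegation and, through it, the
A records resolvers hand out; disagreement with the baseline exposes it."""
from collections import namedtuple
import socket

# Known-good records. The Telegraph address is the one quoted in the
# article; the nameserver names are constructed placeholders.
BASELINE = {
    "telegraph.co.uk": {
        "A": {"213.155.154.113"},
        "NS": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    },
}

# Constructed snapshot of what two resolvers answered at one moment.
# resolver-b has already cached the altered delegation (192.0.2.0/24 and
# the .invalid TLD are reserved documentation values, not real hosts).
OBSERVED = {
    "resolver-a": {"telegraph.co.uk": {
        "A": {"213.155.154.113"},
        "NS": {"ns1.dns-provider.example", "ns2.dns-provider.example"}}},
    "resolver-b": {"telegraph.co.uk": {
        "A": {"192.0.2.77"}, "NS": {"ns.hijack.invalid"}}},
}

Finding = namedtuple("Finding", "resolver domain rtype expected observed")

def compare(baseline, observed):
    """One Finding per (resolver, domain, record type) that disagrees with baseline."""
    findings = []
    for resolver, zones in observed.items():
        for domain, expected_records in baseline.items():
            seen_records = zones.get(domain, {})  # missing zone counts as an empty answer
            for rtype, expected in expected_records.items():
                seen = set(seen_records.get(rtype, ()))
                if seen != expected:
                    findings.append(Finding(resolver, domain, rtype,
                                            frozenset(expected), frozenset(seen)))
    return findings

def live_a_records(domain):
    """Current IPv4 answers from the system resolver (needs network; not used offline)."""
    return {info[4][0] for info in socket.getaddrinfo(domain, None, socket.AF_INET)}

if __name__ == "__main__":
    for f in compare(BASELINE, OBSERVED):
        print(f"{f.resolver}: {f.domain} {f.rtype} expected {sorted(f.expected)}, saw {sorted(f.observed)}")
```

In practice the OBSERVED snapshot would be filled from queries to several independent resolvers so that one poisoned or stale cache is visible against the others.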

The Guardian's investigations suggest that they were being redirected to a single page owned by a customer of a US company, Blue Mile Networks. Contacted by the Guardian, Blue Mile Networks said it was investigating the situation.

The hack seems to have been carried out early on Sunday evening. The hackers seem to have targeted Ascio.com, which registers domain names, or Netnames.co.uk.

On a Twitter feed, the hacking group said that they did it for "entertainment" and told the Guardian via Twitter that the purpose was: "Millions of dollars, large systems, small weaknesses and what I could do. Just for fun."

In August the same group appears to have hit a South Korean domain name registrar, exposing up to 100,000 domains which could be redirected.


guardian.co.uk © Guardian News & Media Limited 2011


Charles Arthur 05 Sep, 2011


Source: http://www.guardian.co.uk/technology/2011/sep/05/turkish-hacker-group-diverts-users
