
Acer and Vodafone among web sites hit by DNS hijacking

Spotlight falls on hardening DNS
Mon Sep 05 2011, 16:59

SEVERAL WEBSITES fell victim to domain name system (DNS) hijacking supposedly carried out by a Turkish hacking group.

The websites of Acer, Vodafone, Betfair, National Geographic and The Register fell victim to a group going by the name of Turkguvengligi. The attack left the websites showing the group's placeholder message.

Turkguvengligi didn't attack the websites directly; instead it went after their DNS servers, redirecting web users to servers of its own. The technique, commonly known as DNS hijacking, is one of the most dangerous attacks around because of its subtlety: users have a hard time telling whether they are on the legitimate website or a compromised one.

Graham Cluley, senior technology consultant at Sophos said, "In many ways we have to be grateful that the message displayed appears to be graffiti, rather than an attempt to phish information from users or install malware." Cluley also asked the fundamental question, just how did the attackers manage to change DNS records?

Securing a DNS server is a non-trivial task. One of the most popular DNS servers is ISC's BIND, bundled with just about every Linux distribution around. Although security has improved greatly in BIND 9, it reports vulnerabilities ranked as "high severity" fairly often.

Although there is no information suggesting that BIND or the hostmasters of the affected web sites were to blame for this attack, it highlights the importance of hardening DNS. µ


Comments
Indeed

Well said otmar.
It's very obvious that you can often easily hack websites that do the management, and then you are sitting pretty.

Mind you, BIND has indeed had a number of patches, but it's a rather simple system really, so it should be easy to maintain, whereas a web server is much more complex and more vulnerable by the sheer mass of code; plus, many in the hacker scene are going at them 24/7.
I think the biggest risk with bind is denial of service.

posted by : W.-, 05 September 2011
Bullshit

Sorry, this article is completely off the track.

The problem here was not the DNS resolution side. No nameservers were hacked. No DNS protocol level issues were exploited to poison caches. BIND did exactly what it was told to do. DNSSEC would not have helped.

The problem was on the provisioning side. The web-based administrative interface of a domain registrar got exploited.

So: this was a bug in a webserver. It's just that it was provisioning data into nameservers instead of, say, performing online-banking.

posted by : otmar, 05 September 2011
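Whether the records were altered on the nameservers themselves, as the article describes, or through a registrar's provisioning interface, as otmar argues, the visible symptom is the same: the published delegation for the domain no longer matches what the owner configured. The following added example (not from the article or either commenter) parses a wire-format NS response with a minimal RFC 1035 decoder and compares the served nameservers against an expected baseline, so a monitoring job can raise an alert on the change; `EXPECTED_NS`, `SAMPLE_RESPONSE` and the names in them are constructed for illustration.

```python
import struct
# Constructed baseline: the NS names the registry is expected to publish for the zone.
EXPECTED_NS = {"ns1.example.com.", "ns2.example.com."}

def read_name(msg, off):
    """Decode a DNS name at msg[off:], following RFC 1035 compression pointers."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier part of the message
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", end if jumped else off

def parse_ns_answers(msg):
    """Return the set of NS targets found in the answer section of a wire-format response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):  # skip the question section (name + QTYPE + QCLASS)
        off = read_name(msg, off)[1] + 4
    targets = set()
    for _ in range(ancount):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 2:  # NS record: RDATA is a single domain name
            targets.add(read_name(msg, off)[0])
        off += rdlen
    return targets

def delegation_drift(msg, expected=EXPECTED_NS):
    """Compare the served delegation with the baseline: (unexpected names, missing names)."""
    seen = parse_ns_answers(msg)
    return sorted(seen - expected), sorted(expected - seen)

# Constructed response to "example.com. NS?": one expected server plus one the owner never set.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"  # header: 1 question, 2 answers
    b"\x07example\x03com\x00\x00\x02\x00\x01"  # question: example.com. NS IN
    b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x0e\x10\x00\x06\x03ns1\xc0\x0c"  # NS ns1.example.com.
    b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x0e\x10\x00\x12\x02ns\x05rogue\x07invalid\x00"  # NS ns.rogue.invalid.
)
```

Run `delegation_drift` against responses gathered from several independent resolvers and the parent zone's servers; any non-empty result is worth paging on, since a delegation change the owner did not make is exactly what a registrar-side compromise looks like from outside.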