Readers of British technology news and opinion website The Register got an unwelcome surprise when they tried to access it yesterday:
But, what at first looked like a successful hack turned out to be a rather simple DNS hijack attack, and The Register wasn’t the only victim – The Daily Telegraph, Vodafone, BetFair, Acer, UPS and National Geographic sites were also affected.
As evidenced by the graphics on the site to which visitors of the aforementioned websites were redirected, the attack was executed by a group of Turkish hackers that goes under the name of “TurkGuvenligi” (“guvenligi” is Turkish for “security”) and seems to have been done simply for the fun of it.
The sites themselves seem not to have been compromised, so their users can rest easy. Zone-H points out that all these websites have one thing in common: they all use NetÃ‚ÂNames as their regÃ‚ÂisÃ‚Âtrar.
“It appears that the TurkÃ‚Âish attackÃ‚Âers manÃ‚Âaged to hack into the DNS panel of NetÃ‚ÂNames using a SQL injecÃ‚Âtion and modÃ‚Âify the conÃ‚ÂfigÃ‚ÂuÃ‚ÂraÃ‚Âtion of arbiÃ‚Âtrary sites, to use their own DNS (ns1.yumurtakabugu.com and ns2.yumurtakabugu.com) and rediÃ‚Ârect those webÃ‚Âsites to a defaced page,” explains Kevin Fernandez.
Most of the affected sites have reacted by shutting down all services that require passwords as a precaution measure. In the meantime, DNS records have been corrected, but it will take hours for them to be propagated worldwide.
These sites were not the first ones to have their DNS records hijacked by TurkGuvenligi – in the past, they have struck a number of sites belonging to security companies and popular musicians.
Luckily for all of them, the Turkish hackers haven’t redirected visitors to phishing sites or sites serving malware.