The Register, The Daily Telegraph, UPS hit by DNS hack

Readers of British technology news and opinion website The Register got an unwelcome surprise when they tried to access it yesterday:

But, what at first looked like a successful hack turned out to be a rather simple DNS hijack attack, and The Register wasn’t the only victim – The Daily Telegraph, Vodafone, BetFair, Acer, UPS and National Geographic sites were also affected.

As evidenced by the graphics on the site to which visitors of the aforementioned websites were redirected, the attack was executed by a group of Turkish hackers that goes under the name of “TurkGuvenligi” (“guvenligi” is Turkish for “security”) and seems to have been done simply for the fun of it.

The sites themselves seem not to have been compromised, so their users can rest easy. Zone-H points out that all these websites have one thing in common: they all use Net­Names as their reg­is­trar.

“It appears that the Turk­ish attack­ers man­aged to hack into the DNS panel of Net­Names using a SQL injec­tion and mod­ify the con­fig­u­ra­tion of arbi­trary sites, to use their own DNS (ns1​.yumur​tak​abugu​.com and ns2​.yumur​tak​abugu​.com) and redi­rect those web­sites to a defaced page,” explains Kevin Fernandez.

Most of the affected sites have reacted by shutting down all services that require passwords as a precaution measure. In the meantime, DNS records have been corrected, but it will take hours for them to be propagated worldwide.

These sites were not the first ones to have their DNS records hijacked by TurkGuvenligi – in the past, they have struck a number of sites belonging to security companies and popular musicians.

Luckily for all of them, the Turkish hackers haven’t redirected visitors to phishing sites or sites serving malware.

Don't miss