Google, Yahoo! Romania Hacked by Algerian Cybercriminal (Updated)

The attacker most likely altered the DNS records to redirect visitors to his page

An Algerian hacker using the online moniker MCA-CRB has managed to deface the Romanian sites of Google ( and Yahoo! (

Most likely, the attacker hasn’t actually breached Yahoo! or Google severs. Instead, he gained access to DNS servers and altered the records to ensure that all visitors of or would be redirected to his defacement page.

According to his account, MCA-CRB is responsible for defacing well over 5,000 sites, including ones belonging to governments from all around the world.

This is not the first time when hackers turn to this technique to deface high-profile websites. Last week, the Pakistani sites of Google, Yahoo!, Microsoft, PayPal, eBay, HP and Apple have been defaced in the same way.

At the time, the attackers leveraged a vulnerability in the systems of PKNIC, a Pakistani domain name registrar to alter the DNS records.

Update. is working properly, but is still inaccessible to many users. Those who use the DNS settings provided by their ISPs should have no trouble accessing the site, but internauts who rely on Google's public DNS cannot reach the website.

Update2. Kaspersky experts have also analyzed the incident. They’ve discovered that the attackers hijacked not only and, but also other domains such as and

The researchers have confirmed out theory about Google’s public DNS servers and they highlight the fact that the attackers hijacked the and entries to redirect users to their own IP address.

Google appears to have fixed the hijacked records at 13:00 GMT+2

Update3. The incident is most likely the result of a data breach that affected RoTDL, the organization responsible for handling .ro top-level domains. Unlike its Pakistani counterpart, RoTDL hasn't issued any statement regarding the incident.

Update4. Damien Perillat, Managing Director of PayPal in Central Eastern Europe, reveals that despite the fact that the attackers redirected the visitors of to an arbitrary website, PayPal Romania is actually located at

This website hasn't been affected by the attack, Perillat explained.

Hot right now  ·  Latest news