Google, Yahoo! Romania Hacked by Algerian Cybercriminal (Updated)

SHARE: Tweet Adjust text size:
- Google defaced by Algerian hacker
An Algerian hacker using the online moniker MCA-CRB has managed to deface the Romanian sites of Google (google.ro) and Yahoo! (yahoo.ro). Most likely, the attacker hasn’t actually breached Yahoo! or Google severs. Instead, he gained access to DNS servers and altered the records to ensure that all visitors of yahoo.ro or google.ro would be redirected to his defacement page. According to his zone-h.org account, MCA-CRB is responsible for defacing well over 5,000 sites, including ones belonging to governments from all around the world. This is not the first time when hackers turn to this technique to deface high-profile websites. Last week, the Pakistani sites of Google, Yahoo!, Microsoft, PayPal, eBay, HP and Apple have been defaced in the same way. At the time, the attackers leveraged a vulnerability in the systems of PKNIC, a Pakistani domain name registrar to alter the DNS records. Update. Yahoo.ro is working properly, but google.ro is still inaccessible to many users. Those who use the DNS settings provided by their ISPs should have no trouble accessing the site, but internauts who rely on Google's public DNS cannot reach the website. Update2. Kaspersky experts have also analyzed the incident. They’ve discovered that the attackers hijacked not only google.ro and yahoo.ro, but also other domains such as microsoft.ro and paypal.ro. The researchers have confirmed out theory about Google’s public DNS servers and they highlight the fact that the attackers hijacked the 8.8.8.8 and 8.8.4.4 entries to redirect users to their own IP address. Google appears to have fixed the hijacked records at 13:00 GMT+2 Update3. The incident is most likely the result of a data breach that affected RoTDL, the organization responsible for handling .ro top-level domains. Unlike its Pakistani counterpart, RoTDL hasn't issued any statement regarding the incident. Update4. Damien Perillat, Managing Director of PayPal in Central Eastern Europe, reveals that despite the fact that the attackers redirected the visitors of paypal.ro to an arbitrary website, PayPal Romania is actually located at paypal.com/ro. This website hasn't been affected by the attack, Perillat explained. Add me on Google+
FILED UNDER: defaced website Google Yahoo!

TELL US WHAT YOU THINK:

15,003 hits · 3 comments · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

Faulty CSS Leads Users to Believe Kaspersky Site Was Hacked

Lithuanian Police Website Hacked and Defaced by SlixMe

Pakistani Google, Yahoo!, Apple, eBay, PayPal Sites Hacked (Updated)

Advanced Biomedical Research Company Hacked to Promote OpBigBrother

Greek Government Site Defaced by Bangladeshi Hackers in Protest Against Israel

READER COMMENTS:

Comment #1 by: Andrew Barratt on 28 Nov 2012, 09:43 UTC	reply to this comment
Not really a defacement as the original site isn't hacked. The DNS registrars must do more to ensure that access to DNS records is properly controlled.

Comment #2 by: yakini on 29 Nov 2012, 07:20 UTC	reply to this comment
that is terible, but i have a respect for his intellegence

Comment #3 by: Tibi on 01 Dec 2012, 09:24 UTC

reply to this comment

When I've notice the "situation" with google.ro I verified their DNS entry with rotld (the Romanian authority for the top level .ro domain). It was there that the entry had been altered, including the tehnical / contact email used to reset the administrative password for managing DNS for the domain. ... this was not a hack, someone just got a hold of either the password or ... maaaaabe DB-access to rotld.ro.

just a thought
Tibi

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use