Clearly a prank, the attack signals admins as weak spot

Dec 15, 2014 15:46 GMT
Visitors of Ontario.ca page redirected to server showing MC Hammer video

Visitors of the Ontario.ca website were greeted with the video of MC Hammer’s “U Can’t Touch This” on Friday evening, for a period of several hours.

The page, which is a simple one with just a search function and the option to switch between English and French languages, was not defaced. Instead, the attacker managed to execute a DNS hijacking attack, pointing visiting computers to a different server than the original one.

As such, instead of the official content, they were served whatever the attacker wanted, in this case, the “U Can’t Touch This” video. Other elements were also present, such as the photo of a boy, and the words “Hacked” and “#Unarrestable.”

Sensitive information was not affected

The incident did not affect any information relating to the government because the webserver of the site was not in any way affected. Instead, the routing service holding the DNS (Domain Name System) records was compromised and the intruder changed them to point to a server under their control instead of the one serving Ontario.ca. Basically, the government website was not impacted in any way; it was just unreachable.

CP24 reports that Zita Astravas, press secretary for Premier Kathleen Wynne, said that cyber security issues are taken seriously and that they are committed to protecting the data of the citizens and businesses in Ontario.

At the moment there is no information about the identity of the perpetrator, or if the boy in the picture has been identified. This time it was only a prank, but a DNS hijacking attack is as serious an issue as it is to carry out.

Protecting against this type of attack is easy

Domains should be locked against changes, and domain registrars offer this possibility. Moreover, administrators should be extremely careful with the credentials necessary for accessing domain registrars, since this is one of the easiest ways in.
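The locking advice above can be checked routinely. The following is an added example, not part of the original article: it audits a domain's registration data for the standard lock statuses (EPP statuses in their RDAP spelling) and for nameserver drift against an approved baseline. The domain names, baseline and both RDAP documents are constructed for illustration.

```python
# EPP lock statuses (RFC 5731) in their RDAP spelling (RFC 8056).
REQUIRED_LOCKS = {
    "client update prohibited",    # registrar rejects nameserver/contact updates
    "client transfer prohibited",  # registrar rejects transfer to another registrar
    "client delete prohibited",    # registrar rejects deletion of the domain
}

def audit_domain(rdap_doc, expected_ns):
    """Return findings for one RDAP domain object (RFC 9083 layout)."""
    findings = []
    statuses = {s.lower() for s in rdap_doc.get("status", [])}
    for lock in sorted(REQUIRED_LOCKS - statuses):
        findings.append(f"missing lock: {lock}")
    # Delegation drift: nameservers differ from the approved baseline.
    observed = {ns["ldhName"].lower().rstrip(".")
                for ns in rdap_doc.get("nameservers", [])}
    baseline = {n.lower().rstrip(".") for n in expected_ns}
    for ns in sorted(observed - baseline):
        findings.append(f"unexpected nameserver: {ns}")
    for ns in sorted(baseline - observed):
        findings.append(f"baseline nameserver absent: {ns}")
    return findings

# Constructed sample data (not real registration records).
BASELINE_NS = ["ns1.example.net", "ns2.example.net"]
LOCKED = {
    "objectClassName": "domain", "ldhName": "example.test",
    "status": ["client update prohibited", "client transfer prohibited",
               "client delete prohibited"],
    "nameservers": [{"objectClassName": "nameserver", "ldhName": "NS1.example.net."},
                    {"objectClassName": "nameserver", "ldhName": "ns2.example.net"}],
}
HIJACKED = {
    "objectClassName": "domain", "ldhName": "example.test",
    "status": ["active"],
    "nameservers": [{"objectClassName": "nameserver", "ldhName": "ns1.rogue.invalid"}],
}

if __name__ == "__main__":
    for name, doc in (("locked", LOCKED), ("hijacked", HIJACKED)):
        print(name, audit_domain(doc, BASELINE_NS) or "OK")
```

Run against a fresh RDAP response on a schedule, a non-empty result is the signal to alert on.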

Phishing attacks are the most frequent, particularly because they also have a high rate of success. Hackers are skilled in social engineering and know exactly what to say to someone to extract sensitive information.

A phone call to the right person or a well-crafted email can unlock well-shut doors. There is some evidence that the Sony hack started with a phishing email and then the intruders moved laterally through the network in a reconnaissance mission.

DNS hijacking can easily lead to compromising visitors by pointing them to a malicious location that serves malicious content. In the case of Ontario.ca, a website that is trusted as being secure, the damage would be quite significant.
