Unidentified hackers were able to hijack the domain name of Tata Consultancy Services (TCS), the largest IT and outsourcing provider in India. The DNS servers were apparently altered in order to redirect the domain to a different server.
The attack happened last Sunday, when www.tcs.com displayed a message reading, "This domain name is for sale. Please contact us for further informations [sic.]." The contact e-mail address left by the attacker was firstname.lastname@example.org and the message was repeated in French.
According to India's The Economic Times, the domain was hijacked for almost three hours and company officials cited DNS problems. "The TCS website www.tcs.com was disrupted. Subsequently, it has been restored and is functioning fine. None of the servers were compromised. Initial investigation reveals a DNS redirection at the domain name registrar’s end. Further investigations are on," a spokesperson commented for the newspaper.
The DNS provider for the tcs.com domain name is Network Solutions, one of the largest domain name registrars in the world. Back in January, the company announced that a remote file inclusion (RFI) vulnerability was used to compromise some of its UNIX servers, leading to the defacement of hundreds of websites. However, it is unclear if either a vulnerability or a set of stolen credentials were used in this attack.
Similar attacks affected companies such as Twitter and Baidu. Twitter's domain name was hijacked by a group calling itself the Iranian Cyber Army back in December. In January, the same group altered the DNS records for baidu.com, China's largest Web search engine. It's worth pointing out that neither of the companies share the same DNS provider, Twitter's being Dyn Inc., while Baidu's register.com.
Tata Consultancy Services is a subsidiary of Tata Group, a world-renowned multinational conglomerate of companies with interests in the steel, automotive, communication, power and IT industries, amongst others. Ironically, TCS is also a provider of security services.