SSL website certificate alerts users of the trap

Feb 23, 2015 13:40 GMT
Hackers redirected Google search visitors in Vietnam to this message

Trying to access Google Vietnam on Monday caused some users to land on a page announcing that the search engine's webpage had been hacked by members of the Lizard Squad hacker outfit.

For a period of several hours, the localized search service could not be used due to an apparent DNS (Domain Name System) hijacking incident. Visitors were redirected to a page controlled by the perpetrators, which showed a young man taking a selfie and a message crediting the Lizard hackers for the deed.

Lizard Squad name used to claim the attack

Additional information provided on the page pointed to a new Twitter account apparently created by the hackers, and included a link to the group’s DDoS service, which is now called Shenron but is hosted on the same domain as before.

DNS hijacking or redirection occurs when the list of IP addresses that a DNS server (usually maintained by an Internet Service Provider) uses to translate web domains is altered, so that the traffic for a certain website is redirected to a different IP address than the original one.

“Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas),” read the message left by the attackers.

It also mentioned the Twitter account @LizardCircle, allegedly controlled by the Lizard Squad at the moment. It is unclear when the profile was set up, but the first tweet was published on Monday. The second one indicated that something was wrong with google.com.vn.

Lack of SSL certificate warns of fraudulent activity

At the time of writing, the Google search service in Vietnam has been restored and everything is back to normal. Other services from Google or the mobile search page remained unaffected.

DNS hijacking attacks are quite dangerous because malicious pages could be set up by hackers in order to distribute malicious software. The danger is obvious because the user sees the legitimate website address in the web browser and only the fraudulent page can provide clues that something is wrong.

Attempting this with websites that use a secure connection, as all localized versions of Google’s search do, will cause the browser to issue an alert about possible malicious activity because the server did not present an SSL certificate that validates its authenticity.
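The two signals described above, an altered DNS answer and a failed certificate check, can be combined into a monitoring check. This is an added example, not part of the original article; the resolver names, the documentation-range IP addresses and the expected network are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import socket
import ssl

# Constructed sample data: documentation-range addresses, not real Google or ISP IPs.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SAMPLE_ANSWERS = {
    "isp-resolver": ["203.0.113.66"],
    "public-resolver-a": ["192.0.2.10", "192.0.2.11"],
    "public-resolver-b": ["192.0.2.10"],
}

def suspicious_answers(answers, expected_nets):
    """Return {resolver: [ips]} for addresses outside every expected network."""
    flagged = {}
    for resolver, ips in answers.items():
        bad = [ip for ip in ips
               if not any(ipaddress.ip_address(ip) in net for net in expected_nets)]
        if bad:
            flagged[resolver] = bad
    return flagged

def tls_identity_ok(ip, hostname, port=443, timeout=5.0):
    """Connect to a specific IP but validate the certificate against hostname.

    A host reached through an altered DNS record fails this unless it holds a
    certificate for the name that chains to a trusted CA.
    """
    ctx = ssl.create_default_context()  # verifies both chain and hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return True
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return False

def triage(answers, expected_nets, hostname, probe=tls_identity_ok):
    """Classify each out-of-range answer by whether the host proves its identity."""
    report = {}
    for resolver, ips in suspicious_answers(answers, expected_nets).items():
        for ip in ips:
            ok = probe(ip, hostname)
            # A valid certificate suggests a legitimate address missing from the list.
            report[(resolver, ip)] = "unlisted-but-valid-cert" if ok else "hijack-suspected"
    return report
```

In real use the answers would be collected by querying each resolver directly, and `triage` would be called with its default probe so that every unexpected address is tested with a live TLS handshake.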
