On Saturday, we reported that several high-profile Pakistani websites – including Google, Microsoft, Apple, PayPal, HP and HSBC – appeared to have been hacked. Now, PKNIC, the company responsible for the administration of the .pk domain name space, has come forward with a statement to explain the incident.
As expected, the hackers didn’t actually breach the servers of the aforementioned companies. Instead, they leveraged a vulnerability in PKNIC’s systems to gain access to four user accounts. This allowed them to alter nine DNS records.
“During our update to strengthen security, particularly regarding attacks of the ‘SQL injection’ kind, a more complex system had been installed. However, it inadvertently left open a vulnerability, under certain obscure conditions and contexts, that was used in the recent attack,” PKNIC's Executive Chairman Ashar Nisar explained.
“As a result, in addition to a thorough investigation of our entire site and systems, we reverted to the simpler more robust model of filtering out everything unknown, instead of continuing to use the new system that had been tailored to the latest threats using more complicated algorithms,” he added.
PKNIC representatives highlight the fact that the issue has been addressed and that the attackers accessed no financial information, since PKNIC doesn’t store such details in its databases.
They claim that PKNIC servers have not been hacked, but the security hole allowed the hackers to modify the DNS records of the four accounts.
The company reveals that root DNS services haven’t been affected and that besides the sites registered to the four accounts and a number of DNS servers, the other .pk websites have remained unharmed.
In order to prevent future incidents, the company plans on inviting “friendly hackers” to perform penetration testing against their systems. The details of this bug bounty program will be made available soon.