Vulnerability Research Vendor's Domain Hijacked

The domain name of vulnerability research company Secunia was redirected earlier today to an unrelated Web page showing a message in Turkish, after its DNS records were altered.

Secunia is one of the world's leading vulnerability intelligence and management vendors. Based in Denmark, the company tracks, rates and catalogs security vulnerabilities in more than 30,000 software applications, operating systems and appliances.

For one hour and ten minutes today, starting with 00:40 AM CET, users who visited secunia.com saw a page displaying a message reading "Is?ms?z Kahramanlar Sunar.. System Get Down Gel Babana..." and a graphic showing a dragon with the text "TurkGivenligi" (Turk Security).

According to the vendor, the attack was the result of the authoritative DNS hosting being redirected. The exact circumstances under which this happened are still being investigated.

The Domain Name System (DNS) is one of the building blocks of the Internet and is responsible for translating domain names into IP addresses.

The secunia.com domain normally resolves to 213.150.41.226, an IP address in Denmark, which belongs to the security company.

However, according to SANS ISC, during the attack, the domain pointed to 81.95.49.32, an IP registered to an UK company called Avensys Networks.

The most straight-forward method of hijacking a domain in this way, short of compromising its authoritative DNS server, is to change its corresponding NS records from the registrar-provided administration panel.

The technique usually involves socially engineering registrar employees and has previously been used to hijack high profile domains like comcast.net, twitter.com and  baidu.com.

Three hackers responsible for hijacking Comcast's domain in 2008 have already received prison sentences for their action.

Baidu sued Register.com last year for gross negligence, after the company's staff gave hackers access to its domain name despite failing to pass the required security checks.