Google Malaysia hit by DNS poisoning

Instead of getting a search page, Malaysians visiting Google Malaysia (google.com.my) this morning were treated to a webpage that proclaims "Google Malaysia STAMPED by PAKISTANI LEETS."

It is believed that the Google Malaysia search page itself has not been hacked; rather, the domain name servers that translate the name "google.com.my" into the actual web address have been compromised.

In this "DNS poisoning" attack, anyone trying to visit the Google Malaysia website will instead be redirected to the hacker's page.

This situation is similar to one on July 3 (Hacker causes Bangladeshi waves) where visitors trying to access many ".my" domains were instead redirected to the hacker's site.

In that attack, a person or team known as Bangladeshi HackerR claimed responsibility, while in this latest attack, a hacker known as 1337 from TeaM MADLEETS claims credit.

Meanwhile, web surfers are advised to visit the international page for Google at www.google.com instead of www.google.com.my.

It is not currently known how many .my websites have been affected by the attack.

We are currently in the process of contacting MyNIC Bhd, the sole agency responsible for .my domain names in Malaysia, for comment.

Update: MyNIC has a statement on their website at mynic.my: "We can confirm there was unauthorised redirection of www.google.com.my and www.google.my to another IP address by a group which called themselves TeaM MADLEETS.

The problem was alerted in the early morning and MYNIC Computer Security Incident Response Team (CSIRT) immediately started to resolve the issue. The domain name www.google.com.my has been restored to their correct information at 7.10 am today and www.google.my is still resolving.

At the moment, we are undertaking all necessary measures to monitor the situation and prevent further related issues."

Update 2: Google Malaysia issued a statement: “For a short period, some users visiting google.com.my were redirected to a different website; Google services for the google.com.my domain were not hacked. We've been in contact with the organisation responsible for managing this domain name and the issue should be resolved.”

The google.com.my site is now up and running.

Update 3: A statement from Google Malaysia's domain host, Integricity Technology, on its site:

"Just after midnight on October 2013, our FatServers operations centre was notified of an unauthorised update to one of the domains under our care – google.com.my.

We immediately tried to log into the MYNIC reseller system to check on the status, but were unable to do so. The DNS servers for this domain have been modified and this has caused the URL to be pointed to a page that shows the site has been hacked.

The hackers claim to be TeaM MADLEETS from Pakistan.

11 Oct 2013, 4.07am (GMT+8)
We have just received a call from MYNIC to inform us that their technical team has now been alerted and is working to identify the source of the issue and rectify the problem. We will be contacted when they are able to furnish us with updates.

11 Oct 2013, 5.45am (GMT+8)
While we have not had any official updates from MYNIC yet, our checks show that the DNS servers for google.com.my and google.my have been restored to ns1.google.com and ns2.google.com. It will take some time for the new DNS servers to be updated throughout the world, but it should happen soon.

11 Oct 2013, 9.20am (GMT+8)
We received two calls from MYNIC – one to inform us that the DNS servers have been changed to the rightful ones (which we already knew at 5.45am based on our whois). They mentioned that the full report would only be released after a detailed investigation. The second call informed us that our MYNIC reseller logins have been blocked temporarily to facilitate investigation.

11 Oct 2013, 10.36am (GMT+8)
MYNIC has restored our reseller access to their system. We are now able to manage domains for our customers again. Their investigations are still ongoing."

~ The Star
