ID: IRCNE2012121686
Date: 2012-12-01
According to "techworld", the Romanian domain names of Google, Yahoo, Microsoft, Kaspersky Lab and other companies were hijacked on Wednesday and were redirected to a hacked server in the Netherlands.
The hijacking occurred at the DNS (Domain Name System) level, with attackers modifying the DNS records for google.ro, yahoo.ro, microsoft.ro, hotmail.ro, windows.ro, kaspersky.ro and paypal.ro, according to Costin Raiu, director of the global research and analysis team at security vendor Kaspersky Lab.
This led to the websites displaying an attacker-supplied page instead of their regular content.
The hacker pointed the domains to a server in the Netherlands - server1.joomlapartner.nl - that also appears to have been hacked, said Bogdan Botezatu, a senior e-threat analyst at Romanian antivirus vendor Bitdefender.
Botezatu believes that the DNS records were modified as a result of a security breach at the RoTLD domain registry, which manages the authoritative DNS servers for the entire .ro domain space.
"Google services in Romania were not hacked," a Google representative said Wednesday via email. "For a short period, some users visiting www.google.ro and a few other web addresses were redirected to a different website. We are in contact with the organisation responsible for managing domain names in Romania."
"We are aware that Yahoo.ro was inaccessible to some users in Romania," a Yahoo spokeswoman said via email. "This issue is resolved and we apologize for any inconvenience this may have caused."
"On 27 November, Microsoft.ro was impacted by a third-party DNS issue," Microsoft said in an emailed statement. "The site has since been fully restored and we can confirm that no customer information was compromised. We are working with our third-party partners to evaluate their security practices."
Botezatu believes that the hackers who hijacked the DNS of the Romanian domains Wednesday might be the same ones responsible for the attack in Pakistan last week.
On 9 November, the .IE Domain Registry (IEDR) issued a statement saying that the incident was the result of hackers exploiting a vulnerability in the registry's website.
- 2