Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Attackers hijack the .ro domains of Google, Microsoft, Yahoo, others

Lucian Constantin | Nov. 29, 2012
The Romanian domain names of Google, Yahoo, Microsoft, Kaspersky Lab and other companies were hijacked on Wednesday and were redirected to a hacked server in the Netherlands.

"We are aware that Yahoo.ro was inaccessible to some users in Romania," a Yahoo spokeswoman said via email. "This issue is resolved and we apologize for any inconvenience this may have caused."

Microsoft did not immediately respond to a request for comment.

It's not clear whether the paypal.ro domain name is actually owned by PayPal. PayPal did not immediately respond to a request for comment seeking clarification.

The attack in Romania follows a similar one that occurred last week in Pakistan and affected the .pk domains of Google, Microsoft, Yahoo, PayPal and other companies. The security breach was traced back to PKNIC, the .pk domain registry.

"PKNIC became aware of a vulnerability in one of its systems which caused a total of four user accounts to be breached on Friday evening 23rd November, impacting nine DNS records, out of a total of around fifty thousand," the registry said in a statement published on its website this week. "That led to several website addresses to be redirected to a message page, with a defaced message in Turkish language for a few hours. Almost all of these websites were mirrors of global sites such as google.pk, microsoft.pk, or place-holders for International brand names who do not actually do business in Pakistan such as paypal.pk, etc."

Botezatu believes that the hackers who hijacked the DNS of the Romanian domains Wednesday might be the same ones responsible for the attack in Pakistan last week.

The attacks against country-code top-level domain (ccTLD) registry organizations seem to be increasing. In October, attackers managed to change the NS records of several Irish domain names including Google.ie and Yahoo.ie.

On Nov. 9, the .IE Domain Registry (IEDR) issued a statement saying that the incident was the result of hackers exploiting a vulnerability in the registry's website.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.