DNS poisoning is a fairly well-known and popular technique which is used to change the entries in the routing tables of the domain name system. Apparently by making use of this technique, an Algerian hacker was able to redirect users visiting Romanian websites of Google, Yahoo, PayPal, Microsoft and others to his own page.
The hack lasted only for a few hours. DNS poisoning has been known ever since 1990s and most domain name systems have updated software which are successfully able to thwart an attack based on this particular technique.
However, in this case, it seems that the Romanian Top Level Domain Registrar (RoTLD) was not that secure after all. The hack was probably carried out by tampering with the entries in routing tables of RoTLD which then led the users to a rogue server rather than the original server they intended to use.
DNS poisoning is often done to route the traffic to such a page which contains a malware or a fake page which asks the user to provide his credentials. In this case, thankfully, the hacker didn’t use any such things at the destination page. The page to which the users were being routed was merely used to brag about the exploit and contained the text, “Imagine how many accounts could have been compromised this morning if these websites were redirected to a phishing page, instead of a defacement page.”
The hack was short-lived and within a few hours, the websites which had been targeted were soon able to start receiving traffic again.
Source: Kaspersky
Courtesy: Arstechnica
[ttjad keyword=”iphone”]
