BLOG

Vodafone, Telegraph, Acer, National Geographic, Ups, Betfair and The Register (famous British technology news and opinion website) got hacked by Turkguvenligi. Turkguvenligi is also know with the name "TG Hacker'.

What is peculiar in these attacks (started last Sunday evening at 10pm) consists in that they apparently have been carried out by means of Domain Name System (DNS) Hijacking.

In particular, at the moment it seems that the attacker(s) hacked into the DNS control panel of Net­Names, a Domain Name Management Services provider, by means of an SQL injec­tion attack, and consequently mod­ified the DNS con­fig­u­ra­tion of some sites, in order to use their own controlled name servers (ns1​.yumur​tak​abugu​.com and ns2​.yumur​tak​abugu​.com) redirecting those web­sites to a defaced page.

The defaced web sites weren't directly attacked or corrupted: in fact access via the original IP address would consist in the access to the correct web site, but the DNS infrastructure they were relying over was under attack, thus causing internet traffic redirection towards web sites potentially containing harming scripts and malicious code.

As a preliminary incident response operation, some of the affected sites have shut down access for their users' precaution.

This event and its attack methodology, if confirmed, should let people reflect on the criticality of the DNS system, a transparent but too many times overlooked internet pillar, its application and its impact on critical operation sectors such as banking, energy, health and, last but not least, the daily life of citizens.