
Hackers: Weekend DNS attack on high-profile sites for 'fun'


The group behind the DNS hack attack on a number of high-profile websites last weekend, including UK-based The Register, claimed it did it "for fun."

UK-based news site The Guardian reported the Turkish hacker group Turkguvenligi claimed the attacks were not by chance since there were many security holes.

"We usually choose some big targets and find a way to access them. sometimes it takes months. but harder makes it funnier ;). [It was] not by chance because we are expert of all kinds of web vulnerability holes," Turkguvenligi said in an interview with The Guardian.

Other than The Register, the group also attacked the Telegraph, UPS, and Betfair.

According to the group, it hacked Netnames.co.uk and Ascio, "in addition with some other ones," adding it targets big domains.

The group also claimed responsibility for the South Korea hack at ZDNet.com.

"Yep. in fact we attacked there in the past but forgot some domains to hack :D so reowned it [hacked it again]," it said.

"The hardest one is reaching the domain company but if you can succeed there will be a treasure for you :D," it added.

DNS attack hits high-profile sites

For several hours early Monday (Manila time), the UK-based science-technology website The Register fell prey to a DNS hack attack.

The Register said it had to shut down access to its site as a precaution, although the site was back online as of 9 a.m. Monday, Manila time.

"A DNS hijack, we think - but our provider is nowhere to be found. We have shut down access/services as a precaution," it said in its Twitter account.

It said its DNS records had been restored to normal as of Monday morning, but it suggested that users restart their browsers, operating systems, or routers.

"Broad end-user advice. There's dns caches in your browser, OS, routers, ISP. Any with dodgy info is a problem - restarting often helps!" it added.

The Register also posted an explanation, saying that the DNS records of many websites, including The Register, were hijacked and redirected to a third-party page.

"It's been a frustrating few hours. But we can tell you The Register's website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services - in other words, anything that requires a password - as a precaution," it said.

Computer security firm Sophos said other sites that were attacked by the DNS hack included The Daily Telegraph and UPS.

It said that while The Register was under attack, visitors to its site were directed to a page with the message, "Gel Babana ... HACKED ... h4ck1n9 is not a cr1m3."

The message also claimed the TurkGuvenligi hacker group declared September 4 as "World Hackes (sic) Day."

Sophos’ Graham Cluley said the phrase "Gel Babana" is Turkish for "Come to Papa," and "Guvenligi" is Turkish for "Security." (http://nakedsecurity.sophos.com/2011/09/04/dns-hack-hits-popular-websites-telegraph-register-ups-etc/)

"Instead of breaching the website itself, the hackers have managed to change the DNS records for the various sites affected," Cluley said.

Cluley likened DNS records to a telephone book, converting human-readable website names into a series of numbers that the Internet can understand.

"What seems to have happened is that someone changed the lookup, so when you entered telegraph.co.uk or theregister.co.uk into your browser you were instead taken to a website that wasn’t under the control of those websites," Cluley said.

"In many ways we have to be grateful that the message displayed appears to be graffiti, rather than an attempt to phish information from users or install malware," he added.

A separate article on The Hacker News said that during the attack, The Register’s site was redirected to the domain yumurtakabugu.com.

The Hacker News also noted the perpetrators had been linked to attacks on the sites of Microsoft, Dell, ZDNet, F-Secure, and Adobe. — TJD, GMA News