The blog of the Israeli dot-com world: the news, the technologies, the trends, the people and the ventures

June 8, 2007

Two days ago, while looking for information regarding the owner of a certain domain, I decided to check who the owner of the Google.com domain is. Using one of the websites providing the Whois service, I discovered that the DNS was hacked by a Russian group called www.web-hack.com.
This hacking group has modified some of Google’s records and added information to the end of each specified Google domain.

For example, they modified the main Google.com domain to:
GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM

Google.jpg

Intrigued by these findings, I tried the Whois for Microsoft.com and, incredibly, this domain’s DNS has also been abducted by the same hacking group, though this one contains some cleverer modifications, such as:
MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM

microsoft.jpg

And if that’s not enough, Yahoo.com has suffered the same fate:

YAHOO.jpg

Two days later, this data is still available to those checking the Whois for these domains. None of the affected companies' IT departments has fixed it.

Sharon Vardi, a security and IT expert, explains: “What happened is that some hackers managed to "poison" the DNS registration information for some companies. This causes the updated information to replicate to all DNS servers worldwide without any ability to control the infection until the data is deleted and replicated again. Such hacking is called DNS poisoning or spam. It is basically harmless and causes no real damage except the messages placed in the DNS records.”

This raises two questions:
1. How come a Russian hacking group manages to hack the DNS records of the three largest Internet companies in the world?
2. While not fatal, why has none of these companies managed to trace and fix it for two days (so far)?

the.co.ils is the leading Israeli Web2.0 blog, covering and analyzing Internet trends from various aspects, with a focus on the Israeli Web2.0 scene. We are planning on launching our English version soon, so please feel free to add our English RSS feed and be there when it happens.


Filed under: google, microsoft, yahoo, security



8 responses to “How much do you love google?”

  1. There is no danger here to these three companies, and this break-in is not supposed to bother them at all either. What happened here is that someone replicated fictitious information about domain names in his possession, and along the way also stuffed in the names of large, well-known sites somewhere along the domain name, with the intention of stealing a bit of traffic from them.

    Domain-name spamming in DNS is not a new phenomenon, and it has existed for years alongside similar methods in other protocols (newsgroups, anyone?).

  2. You did a "whois google.com". That does a lookup for all DNS entries which contain "google.com". As a result, it returns things like GOOGLE.COM.SPROSIUYANDEKSA.RU

    That’s got nothing to do with google the company. It’s just someone with the domain SPROSIUYANDEKSA.RU has created a record for the host "google" and the subdomain "com". It means nothing to google, doesn't mean dns has been hacked in any way.

  3. Huh? Google, Yahoo

    Yaron from The.Co.ils just exposed an interesting hacking story with a cynical twist on the DNS records of Google, Yahoo and Microsoft. All were hacked in the same way and by the same group… Read the whole story Screenshots

  4. - How come a Russian hacking group manages to hack the DNS records of the three largest Internet companies in the world?

    They didn't. Read Mike’s comment above. The google.com domain is not affected at all. Try the query "whois =google.com" to get the complete details on each domain.

    - While not fatal, why none of these companies has managed to trace and fix it for two days (so far) ?

    They basically don't own any of these domains, and therefore cannot really do anything to "fix" it, though it ain't broken.

  5. […] Ah, OK, a quick lesson to thecoils.com on how sub domains work: when you register a domain name, such as google.com, you can create sub domains, such as images.google.com, video.google.com, etc. Notice that these sub domains all END in ‘google.com’, indicating that they are sub domains of google.com. Now, let’s say you find a sub domain name like this: GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET […]

  6. Nobody was hacked here, you are seeing all subdomains containing "google.com." as Craig above me explained.

    Your lookup tool even says "To single out a record…"

    I wonder if Mr. Vardi actually saw the screenshot or if you relayed this info to him personally, because an IT security expert should know how to read a URL.

    Question: What whois website did you use? Did you have the same results on others? Most websites do not do a global subdomain search as yours did…

  7. […] Kaynak […]

  8. And why exactly is this interesting?
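
The point several commenters make, as an added example (not code from the post or from any commenter): DNS names are read right to left, so a name listed by a substring whois lookup belongs to whoever controls the zone at its right-hand end. The function names, the two-label `controlling_zone` rule and the last two sample entries are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: names quoted in the post and comments, as a
# substring-matching whois lookup would list them, plus two edge cases.
SAMPLE_RESULTS = [
    "GOOGLE.COM",
    "GOOGLE.COM.SPROSIUYANDEKSA.RU",
    "GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET",
    "MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM",
    "images.google.com.",   # trailing root dot (constructed edge case)
    "notgoogle.com",        # string suffix, but not a label suffix (constructed)
]


def labels(name):
    """Lower-case a DNS name and split it into labels, dropping a trailing root dot."""
    return name.strip().rstrip(".").lower().split(".")


def controlling_zone(name, depth=2):
    """Rightmost `depth` labels: the zone whose owner controls the name.
    Assumption: two-label registrations; real tooling should use the Public Suffix List."""
    return ".".join(labels(name)[-depth:])


def classify(name, brand):
    """Relate `name` to `brand` by comparing whole labels, read right to left."""
    n, b = labels(name), labels(brand)
    if n == b:
        return "exact"
    if len(n) > len(b) and n[-len(b):] == b:
        return "subdomain"   # genuinely under the brand's own zone
    if any(n[i:i + len(b)] == b for i in range(len(n) - len(b))):
        return "lookalike"   # brand labels present, someone else's zone on the right
    return "unrelated"


def triage(results, brand):
    """Group lookalike names by the zone that actually controls them."""
    by_zone = defaultdict(list)
    for name in results:
        if classify(name, brand) == "lookalike":
            by_zone[controlling_zone(name)].append(name.rstrip(".").lower())
    return dict(by_zone)


if __name__ == "__main__":
    for zone, names in triage(SAMPLE_RESULTS, "google.com").items():
        print(zone, "->", names)
```

Comparing label lists rather than raw strings is what keeps `notgoogle.com` from being counted as a subdomain and `GOOGLE.COM.SPROSIUYANDEKSA.RU` from being attributed to google.com.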
