The NIC hacker has hit a domain registrar again, and this time the hacker known as 1337 hijacked Google Malaysia's official domains (www.google.com.my) with a DNS poisoning attack. At the time of writing, both of Google Malaysia's official sites are defaced and showing the message left by the hackers.
Two days ago, I wrote: if the domain registrar server or NIC of a country was hacked recently, there’s a decent chance it was hacked by the Pakistani hacker 1337. He proved it again.
Hacked Sites with Zone-h Mirrors:
Google Malaysia's domains are defaced with a DNS poisoning attack. The hackers managed to hack into MYNIC (Malaysia Network Information Centre) and changed the domain's authoritative DNS records to point the domain name to the madleets name servers. Currently, the website's WHOIS records show the following name servers:
Primary Name Server: b0x4.madleets.com
Secondary Name Server: b0x3.madleets.com
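A defender-side check for the kind of delegation change described above, as an added example that is not part of the original article: it parses WHOIS-style name server lines and alerts when any of them falls outside an expected set. The `google.com` baseline suffix, the function names and both sample WHOIS excerpts are assumptions constructed for illustration.

```python
import re

# Assumption: name servers for the monitored domain should live under these zones.
EXPECTED_NS_SUFFIXES = ("google.com",)

# Constructed WHOIS excerpt using the two name servers quoted in the article.
SAMPLE_WHOIS_HIJACKED = """\
Domain Name: google.com.my
Primary Name Server: b0x4.madleets.com
Secondary Name Server: b0x3.madleets.com
"""

# Constructed excerpt showing an assumed known-good delegation.
SAMPLE_WHOIS_BASELINE = """\
Domain Name: google.com.my
Primary Name Server: ns1.google.com
Secondary Name Server: ns2.google.com
"""

# Matches "Name Server: host" with an optional leading word (Primary/Secondary).
NS_LINE = re.compile(r"^\s*(?:\w+\s+)?name\s*server\s*:\s*(\S+)", re.I | re.M)


def extract_name_servers(whois_text):
    """Return lower-cased name server hostnames found in WHOIS-style text."""
    return [h.rstrip(".").lower() for h in NS_LINE.findall(whois_text)]


def is_expected(host, suffixes=EXPECTED_NS_SUFFIXES):
    """True if host equals an expected zone or is a subdomain of one.

    Matching on the label boundary keeps look-alikes such as
    'ns1.evilgoogle.com' from passing a plain endswith() check.
    """
    return any(host == s or host.endswith("." + s) for s in suffixes)


def check_delegation(whois_text, suffixes=EXPECTED_NS_SUFFIXES):
    """Compare the listed name servers with the expected set.

    Alerts on any unexpected server, and also when no name server line
    could be parsed, so a changed record format does not pass silently.
    """
    servers = extract_name_servers(whois_text)
    unexpected = [h for h in servers if not is_expected(h, suffixes)]
    return {"name_servers": servers, "unexpected": unexpected,
            "alert": bool(unexpected) or not servers}
```

In practice the WHOIS text would come from the registry on a schedule, and an alert would be cross-checked against a direct NS query to the TLD's servers.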
The hacker gives no specific reason for the attack on the deface page, which reads:
“Struck by 1337! Google Malaysia STAMPED by PAKISTANI LEETS! We are TeaM MADLEETS! Pakistan Zindabad”
All NICs or domain registrars that have been hacked by the 1337 hacker can be found here.
MYNIC issued a statement on its site confirming the attack and stating that it had been resolved, pending propagation across the internet:
We can confirm there was unauthorised redirection of www.google.com.my and www.google.my to another IP address by a group which called themselves TeaM MADLEETS.
The problem was alerted in the early morning and MYNIC Computer Security Incident Response Team (CSIRT) immediately started to resolve the issue. The domain name www.google.com.my has been restored to their correct information at 7.10 am today and www.google.my is still resolving.