Famous Bangladeshi hacker TiGER-M@TE known for his big defacements strikes again! This is not the first time TiGER-M@TE hit big and DNS attack, The hacker hijacked Malwai Top level domains on Febreuary.
The hacker managed to hack into Kenya (.ke) Domain Registrar website and also target Master and Slave DNS servers.The attackers changed the authoritative DNS records for the affected domains, to point the domain names to their own web server with a deface page hosted on it.
It’s not clear how this attack was carried out, but it may have involved compromising the system operated by the Kenya Top Level Domain Registrar (KeTLD).
Hacked Sites List:
- www.microsoft.co.ke
- www.msn.co.ke
- www.youtube.co.ke
- www.bing.co.ke
- www.skype.co.ke
- www.hp.co.ke
- www.westernunion.co.ke
- www.dell.co.ke
- www.google.co.ke
Mirrors:
http://www.zone-h.org/archive/notifier=tiger-m@te
What is DNS poisoning?
DNS is the system that converts website names into an IP address of the server hosting the website. A DNS poisoning attack tampers the valid list with fake records causing domain names to resolve to incorrect IP addresses.
Why deface one website, when you can just hack the server that holds the IP address to the victim’s site? So, if you can hack the Domain Name System registrar that holds the records for an entire country, you can change any of the servers that you like to point to any website that you want.
These attacks can be much worse, if the hacktivists are a more malicious group. Like Nation State hackers, for example, who want to infect groups of systems from a target nation. Or gather pertinent credentials from users who think they are on a legitimate website, and not a spoofed one reached via Domain Name System manipulation. Imagine, how many accounts can be compromised if the websites are redirected to a Phishing page, instead of a defaced page.
At the time of reporting, Domain Registrar fixed the DNS server records and all affected domains are pointed back to original servers.