Suriname, Antigua and Barbuda, and Saint Lucia High Profile Sites hacked by 1337

hacked by 1337

If the domain registrar server or NIC of a country was hacked recently, there’s a decent chance it is hacked by Pakistani Hacker 1337. The infamous hacker 1337 hit domain registrar server again and hijacked high profiles domains of Caribbean islands of Antigua and Barbuda, Suriname, and Saint Lucia.

Two days ago, CoCCA – Council of Country Code Administrators Registrar Service was hacked by 1337 with 12 NIC domain registrar website of CoCCA. The NIC hack don’t stop here. The 1337 hacker hacked Bhutan Nic (NIC.bt), Togo NIC (Nic.tg), NIC of Israel(.il), Pakistan NIC (.pk), NIC of Serbia (.rs), Nic of Uganda(.ug), NIC of Cape Verde(.cv) and NIC of Burundi(.bi).

It merit mentioning here that all domains are defaced with DNS poisoning attack. The hackers managed to hack into Domain Registrar website and changed the authoritative DNS records of the domain, to point the domain name to the madleets name server.
Name Server: b0x1.madleets.com
Name Server: b0x2.madleets.com

The complete list of Hijacked domains with mirror are listed below.

  • http://nic.ag
  • http://zone-h.org/mirror/id/20939686
  • http://nic.lc
  • http://zone-h.org/mirror/id/20939828
  • http://samsung.com.ag
  • http://samsung.co.ag
  • http://orange.com.ag
  • http://oracle.co.ag
  • http://volvocars.com.ag
  • http://cola.ag
  • http://window.ag
  • http://ibm.ag
  • http://canon.ag
  • http://canon.co.ag
  • http://canon.com.ag
  • http://canon.net.ag
  • http://canon.org.ag
  • http://clarion.ag
  • http://clarion.com.ag
  • http://fujitsu.ag
  • http://fujitsu.com.ag
  • http://hitatchi.com.ag
  • http://toshiba.ag
  • http://toshiba.com.ag
  • http://bmw.lc
  • http://toshiba.lc
  • http://toshiba.com.lc
  • http://hitatchi.com.lc
  • http://honda.com.lc
  • http://hitatchi.com.lc
  • http://samsung.co.lc
  • http://fujitsu.com.lc
  • http://canon.lc
  • http://audi.sr
  • http://blackberry.sr
  • http://avg.sr
  • http://bing.sr
  • http://microsoft.sr
  • http://mastercard.sr
  • http://intel.sr
  • http://microsoftwindows.sr
  • http://msn.sr
  • http://philips.sr
  • http://rollsroyce.sr
  • http://rolls-royce.sr
  • http://symantec.sr
  • http://vodafone.sr
  • http://samsung.sr
  • http://zone-h.org/archive/ip=185.8.105.81

At the time of publishing, the websites are still defaced and showing the message left by the hackers.

email