Pro-U.S. message replaces Aljazeera.net
By Robert Lemos
Staff Writer, CNET News.com
March 27, 2003, 3:55 PM PT
update Visitors to both the Arabic and English versions of the Al Jazeera Web site on Thursday were greeted with an American flag and a pro-U.S. message, the work of an apparent online vandal.
The controversial Middle Eastern news service was the victim of a domain hijacking. The actual defacement appeared on a free Web site service provided by NetWorld Connections. Technically known as a "redirect," the hack caused Web browsers that attempted to go to www.aljazeera.net--as well as the English-language site--to be surreptitiously redirected to the content hosted on NetWorld's servers.
The NetWorld service detected a spike in traffic early Thursday morning, and an e-mail from a security specialist confirmed that visitors to Al Jazeera were being redirected to NetWorld's service, said Ken Bowman, CEO of the Salt Lake City company.
"We pulled down the content immediately," Bowman said. He added that VeriSign, which administers the domain registry, eliminated the redirect later in the morning. "They never even touched (Al Jazeera's) site," he said.
The problem has been corrected by eliminating the redirect and reinstating the correct addresses for Al Jazeera's sites. However, the changes take time, up to three days, to filter throughout the Internet. Moreover, even without the redirect issue, Al Jazeera's sites may remain unreachable as they continue to come under attack by online vandals flooding the news outlet's network with data.
The FBI has opened an investigation into the attack on Al Jazeera's Web site, a representative with the bureau said Thursday.
A representative of VeriSign couldn't immediately answer questions regarding how the domain had been hijacked.
The records from the whois database--the distributed directory that holds information about each domain--indicated early on Thursday that online vandals had managed to forge new domain records. Such records typically describe the services that are offered by a particular domain, such as Web, mail and file hosting.
Instead, VeriSign's records pertaining to Al Jazeera had apparently been replaced by data that pointed to name servers hosted by MyDomain.com. Those name servers in turn referred Web requests to the defacement site located at NetWorld.
"MyDomain has learned from NavLink, the company that hosts the aljazeera.net Web site from its data centers in France, that Al Jazeera's domain name account at Network Solutions (a subsidiary of VeriSign) was compromised," MyDomain.com said in a statement late Thursday. "NavLink has confirmed...that it has regained access to the account at Network Solutions and changed the name servers back to the correct settings."
E-mail messages to NavLink requesting comment weren't immediately answered. MyDomain believed that changes would take as long as 72 hours to filter out to all parts of the Internet.
The defacement is the latest in a flurry of activity surrounding the Middle Eastern news service.
Al Jazeera has had to contend with both technical problems and attacks this entire week. The Arab satellite TV network launched its English-language Web site on Monday, attracting significant media coverage. The site hosts the station's controversial video coverage, which has included images of U.S. soldiers killed and taken prisoner.
The controversy and resulting media coverage has also made the site a target of a number of online miscreants.
"Let Freedom Ring!" stated Thursday's defacement, featuring a large American flag and signed by a vandal with the handle "Patriot" and claiming to be part of a group called the Freedom Cyber Force Militia. "GOD BLESS OUR TROOPS!!!"
NetWorld's Bowman said the site had been created using a free hosting service that the company offers. He also explained that, because the service is free, the company doesn't keep very rigorous watch on the activities.
"All the supplied information was fictitious," he said, quashing any possibility of aiding in a law enforcement investigation. "It's is a free site, so we don't track any data. We don't track the Internet addresses or anything else. It would take a staff of about 500 to do so."
Bowman said they are analyzing what happened and may change the way the free portion of the site is administered to prevent future incidents.One security expert familiar with the defacement scene said that he had never heard of a group called Freedom Cyber Force Militia.
"We didn't hear about many other defacers who hacked right (before) the war," the administrator of Zone-H.org, a popular security and defacement news site, said in an e-mail interview. "I guess a lot of IT (security) professionals took the chance of this war to remove some rust from their fingers," said the administrator, who goes by the handle SyS64738.