April 27, 2009 4:23 PM PDT

Puerto Rico sites redirected in DNS attack

by Elinor Mills

An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.

Those sites and others, including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, Amichai Shulman, chief technology officer at Imperva, said on Monday.

A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system, he said. "We're seeing more and more of these DNS-related attacks and seeing them scale up," he added.

While the sites that visitors were redirected to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information.

People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited.

Calls to Gauss Research Lab, the organization that manages Puerto Rico's top-level domain, were not answered late on Monday.

This is the message the hackers left on sites affected by the DNS redirect attack, according to mirrors of the defacements captured by Zone-H.org.

(Credit: Zone-H.org)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by SIGHUP April 27, 2009 6:13 PM PDT
We're seeing more and more of these DNS-related attacks and seeing them scale up?
Did someone explain to this idiot that he was not hit with a new DNS attack, but an old SQL injection attack? I hope his incompetent ass gets fired.
by rollcage April 27, 2009 6:21 PM PDT
The group used a SQL injection attack to break into the registrar's system, and then used DNS redirects to send people to fake sites ("DNS-related")...so technically, the guy is still correct.
by JCPayne April 27, 2009 6:54 PM PDT
Well, who owned the redirected servers that were used during the attack? The new spoofed DNS entries had to point to somewhere.
by blueshore April 27, 2009 9:36 PM PDT
Gauss Lab is a sponsored project of the University of Puerto Rico (which is the state university), which also handles the Internet Exchange Point in Puerto Rico. There is some speculation that this project is going into the private sector for a number of reasons.
In any case, most of the affected DNS entries are within the .pr TLD. Most of the sites that are Puerto Rico related use either sitenamePR.COM or sitename-PR.COM instead of sitename.com.pr or sitename.pr (if you see the prices for registration, you'll understand).
by someonewhoactuallyknows April 28, 2009 8:01 AM PDT
Get your facts straight. Gauss Research Inc. and nic.pr had been out of the UPR for years.
by blueshore April 28, 2009 7:22 PM PDT
I stand corrected. It used to be a project at the UPR, but now is either a not-for-profit or a for-profit corporation. There are two entries on the PR state department, one from November 2006 (FPDC) and another from January 2008 (NFPDC).
by biffhenerson April 28, 2009 6:47 AM PDT
Free security testing of your servers. I can't beat that price! In my opinion, you should thank them for their free test, and then send them to prison for life. The value they bring is far less than the damage they cause. Zero tolerance for hackers.
by someonewhoactuallyknows April 28, 2009 7:59 AM PDT
blueshore: Please get your facts straight. Gauss Research Inc. and nic.pr had been out of the UPR for years.
by cansakarya April 28, 2009 1:46 PM PDT
the bottom of the page is written in Turkish hunting time (avlanma zamani)
by blueshore April 28, 2009 7:22 PM PDT
I stand corrected. See previous remarks.
by cansakarya April 28, 2009 1:45 PM PDT
the bottom of the page is written in Turkish hunting time (avlanma zamanı)
by prdna May 6, 2009 3:54 PM PDT
The Gauss Laboratory is a for-profit entity these days. They sneaked out of the university in 2006 and the professor that did it just retired from the University and is currently enjoying a nice income. Apparently he is very comfortable with the nice income situation and does not care about having a strong technical group. The result is what we read here.