Puerto Rico sites redirected in DNS attack
An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.
Those sites and others, including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, Amichai Shulman, chief technology officer at Imperva, said on Monday.
A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system, he said. "We're seeing more and more of these DNS-related attacks and seeing them scale up," he added.
While the sites that visitors were redirected to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information.
People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited.
Calls to Gauss Research Lab, the organization that manages Puerto Rico's top-level domain, were not answered late on Monday.
This is the message the hackers left on sites affected by the DNS redirect attack, according to mirrors of the defacements captured by Zone-H.org.
(Credit: Zone-H.org)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.




Did someone explain to this idiot that he was not hit with a new DNS attack, but an old SQL injection attack? I hope his incompetent ass gets fired.
In any case, most of the affected DNS entries are within the .pr TLD. Most of the sites that are Puerto Rico related use either sitenamePR.COM or sitename-PR.COM instead of sitename.com.pr or sitename.pr (if you see the prices for registration, you'll understand).
Please get your facts straight. Gauss Research Inc. and nic.pr had been out of the UPR for years.
- by prdna May 6, 2009 3:54 PM PDT
- The Gauss Laboratory is a for-profit entity these days. They sneaked out of the university in 2006 and the professor that did it just retired from the University and is currently enjoying a nice income. Apparently he is very comfortable with the nice income situation and does not care about having a strong technical group. The result is what we read here.