This weekend, the DNS settings of a group of popular websites were hacked to redirect to the site of a Turkish hacker.
When users attempted to visit the sites of The Daily Telegraph, UPS, Vodafone, The Register, National Geographic and others, they were greeted by a headline reading “Turkish Security, Come to Papa” in Turkish (see picture, left). The group behind the hack also claims credit for hacking the South Korean domain name registrar last month, an attack that affected over 100,000 domains, including those of HSBC Korea and Epson Korea.
When a site’s DNS settings are hacked, it is not the same as the website itself being hacked. When hackers go after a website, they look for vulnerabilities in the site’s code. When they target the DNS settings, they have to hack into the domain name registrar in order to gain access. Representatives from The Guardian reported that the hackers had gotten access through Netnames and others.
The DNS settings of a given domain name tell resolvers which IP address the name should point to; in this case, the hackers changed the listed IP addresses to the one for the “Turkish Security” site. Because resolvers cache DNS answers for a time before checking again, not all visitors to these sites were affected by the hack at the same time. In turn, not all will be able to see the fixes that are made at the same time. As a precaution, The Register has opted to shut down its entire site to shield its readers. Users can also clear their cookies in order to block the hackers from stealing their information.
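The staggered effect described above can be reproduced with a small cache simulation. This is an added example, not part of the original article; the timeline, the one-hour TTL and the IP addresses (documentation ranges) are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed values: documentation IPs and an assumed timeline in seconds.
GOOD_IP, ROGUE_IP = "192.0.2.10", "203.0.113.66"
HIJACK_AT, FIXED_AT = 1000, 4000   # record changed at the registrar, then corrected
TTL = 3600                         # assumed TTL on both the real and the rogue record


def authoritative_answer(now: int) -> str:
    """What the domain's authoritative servers hand out at time `now`."""
    return ROGUE_IP if HIJACK_AT <= now < FIXED_AT else GOOD_IP


@dataclass
class CachingResolver:
    """A resolver that only re-asks upstream once its cached answer expires."""
    cached_ip: Optional[str] = None
    expires_at: int = -1

    def resolve(self, now: int) -> str:
        if now >= self.expires_at:
            self.cached_ip = authoritative_answer(now)
            self.expires_at = now + TTL
        return self.cached_ip


def exposure_window(first_query_at: int, end: int = 20000,
                    step: int = 10) -> Optional[Tuple[int, int]]:
    """First and last sampled time at which a resolver, queried every `step`
    seconds starting at `first_query_at`, answers with the rogue IP."""
    resolver = CachingResolver()
    bad = [t for t in range(first_query_at, end, step)
           if resolver.resolve(t) == ROGUE_IP]
    return (bad[0], bad[-1]) if bad else None


if __name__ == "__main__":
    for start in (0, 900, 1000):
        print(f"resolver first queried at t={start}: "
              f"rogue answers during {exposure_window(start)}")
```

A resolver that cached the real record just before the change can ride out the whole incident, while one that refreshed during it keeps serving the rogue address well after the registrar record is corrected.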
Fortunately, this hack appears to be merely a prank. But the potential damage that DNS hacks are capable of causing is no joke.