Google's Malaysia site latest to be felled in DNS attacks
Google’s website for Malaysia was briefly tampered with on Friday, underscoring continuing weaknesses in entities administering crucial website address database records.
The site, “google.com.my,” was functioning normally later on Friday, but had briefly displayed a page put in place by the hackers.
A group calling itself “Team Madleets” claimed responsibility for the hack on Facebook. On its Facebook page, the group claimed to have modified Google domains for Serbia, Kenya, Burundi and Pakistan over the last few weeks.
The country-code top-level domain “.my” is administered by the Malaysia Network Information Center (MYNIC). An official contacted Friday morning said the organization was investigating a DNS (Domain Name System) attack. It wasn’t immediately clear how the group performed the attack.
Later in the day, MYNIC confirmed that “google.my” was also affected and redirected to a page controlled by Team Madleets. “At the moment, we are undertaking all necessary measures to monitor the situation and prevent further related issues,” according to a statement on its website.
The DNS is a distributed database that allows a domain name to be translated into an IP address that can be requested by a Web browser. Companies and organizations that hold those records have come under attack by hackers in recent weeks.
Attackers have found success in capturing login credentials for people authorized to modify the records through targeted email attacks known as spear phishing.
If a DNS record is modified, it can cause a person looking for a website to be redirected to a different one controlled by the hacker. That’s dangerous because the site a person is redirected to could be engineered to attack a person’s computer and deliver malicious software.
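A domain owner cannot secure the registry's systems, but it can watch what the registry publishes for its name. The following is an added example, not code from the article or from any party it mentions: it compares observed name-server and address records with a pinned baseline and reports drift. The domain, name servers and addresses are constructed placeholders, and the assumption is that the observed records are gathered separately by querying resolvers.

```python
import ipaddress

# Constructed baseline for a hypothetical domain (assumption: the owner keeps
# a known-good copy of its delegation and address ranges).
BASELINE = {
    "example.com.my": {
        "ns": {"ns1.example.net.", "ns2.example.net."},
        "a_networks": ["192.0.2.0/24"],
    },
}


def normalize(name):
    """Lower-case a host name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def check_domain(domain, observed_ns, observed_a, baseline=BASELINE):
    """Return (finding, values) tuples for records that differ from the baseline."""
    expected = baseline[domain]
    findings = []
    seen_ns = {normalize(n) for n in observed_ns}
    unexpected = seen_ns - expected["ns"]
    if unexpected:  # delegation now points at servers the owner does not run
        findings.append(("delegation-changed", sorted(unexpected)))
    missing = expected["ns"] - seen_ns
    if missing:  # known-good servers dropped from the delegation
        findings.append(("delegation-missing", sorted(missing)))
    nets = [ipaddress.ip_network(n) for n in expected["a_networks"]]
    stray = [a for a in observed_a
             if not any(ipaddress.ip_address(a) in net for net in nets)]
    if stray:  # answers resolve outside the owner's address space
        findings.append(("address-outside-baseline", sorted(stray)))
    return findings


if __name__ == "__main__":
    # Constructed observations: one healthy, one showing modified records.
    print(check_domain("example.com.my",
                       ["NS1.example.net", "ns2.example.net."], ["192.0.2.10"]))
    print(check_domain("example.com.my",
                       ["ns1.unknown.example.", "ns2.unknown.example"],
                       ["198.51.100.7"]))
```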
Team Madleets describes itself as an ethical hacking group on its Facebook page. In a post, it said the MYNIC hack was not the “result of any kind of hate.”
Google did not immediately comment on the attack.
Top-level domains such as “.com” and country-code top-level domains are held by a variety of companies and organizations. The security of those records is managed by those companies and is often mostly out of the control of the entities whose DNS records they hold.
Earlier this week, a pro-Palestinian group gained entry to Network Solutions’ network and modified DNS records for the websites of the security companies AVG and Avira; the messaging platform WhatsApp; RedTube, a pornography site; and Alexa, a Web metrics company.