Reseller account hack caused Google's Malaysia sites to redirect

The administrator for “.my” domain names in Malaysia plans to strengthen the security of partners that resell its services following an attack that affected Google on Friday.

The Malaysia Network Information Center (MYNIC) said in a news release that a compromised reseller account resulted in “www.google.my” and “www.google.com.my” being redirected for a few hours to a page controlled by a group of hackers calling themselves Team Madleets.

As a country-code top-level domain (ccTLD) name registry, MYNIC manages domain names ending in “.my.” But it has more than 50 partners that are authorized to sell its services. Changes to DNS records managed by resellers are then distributed globally.

MYNIC did not identify the affected reseller. The organization said it would undertake measures to improve reseller account security. No customer or password information was affected by the redirect.

A pro-Palestinian group gained last week entry to Network Solutions’ network and modified its DNS records for the website of the security companies AVG and Avira; the messaging platform WhatsApp; RedTube, a pornography site; and Alexa, a Web metrics company.

Melbourne IT, an Australian domain name reseller, said in August that one of its resellers was compromised after a targeted email phishing attack. The hackers then redirected domains belonging to the New York Times, Twitter, the Huffington Post and ShareThis.

The Syrian Electronic Army (SEA), which publicly supports Syrian President Bashar al-Assad, claimed responsibility for that attack on Twitter.

Subscribe to the Security Watch Newsletter

Comments