Google’s Malaysian site has been hacked and replaced with a splash screen giving credit to a group called “Team Madleets.” The normal site has been offline for several hours as of late Thursday afternoon and the page lists a series of handles that are ostensibly part of the team responsible. Updated with brief statement from the hackers below.
The attack appears to have been of the DNS poisoning variety, in which a hacker gained access to the Malaysia Network Information Center and changed the DNS records of Google’s site to Madleets-controlled servers. So no information appears to have been changed on Google’s servers at this time, as this is a redirect attack of sorts.
The stamp at the top says ‘[!] Struck by 1337′, which is apparently a reference to an individual hacker within the group called 1337, who has recently (allegedly) performed hacks on domain registrars of several countries. A message on 1337′s Facebook page says “Google Malaysia Stamped By 1337″ and references the google.com.my and google.my domains. The only other indicator about who the group could be is a reference to them being Pakistani in origin.
Once they hack the google.com I'll give them credit
.
So they didn't actually hack Google's servers or anything special, just some DNS poisoning... :|
Anyone who uses 1337 in their name, or organisation deserves to be punched many many times in the face.... Skids...
DNS poisoning isn't particularly even hacking. It could literally even have been a social engineering attack or even brute forcing the registrar.
They seem to be desperate in doing something big, but failed big time. Why would you say you hacked google when all you just did was hacking malaysian network?
(2013-10-13, 12:51 AM)kavin Wrote: [ -> ]They seem to be desperate in doing something big, but failed big time. Why would you say you hacked google when all you just did was hacking malaysian network?
To make it sound cooler than it was, or hope that people only said that they hacked Google, leaving out the details of it being the Malaysian network.
DNS poisoning is a very valid attack - don't downplay it. No, their actual servers weren't breached, but just like DOS attacks, it doesn't always need to be.
When you rely on a 3rd party, you take on the risks associated with it. Whether you use a CDN, Cloudflare or any other external script, you risk being compromised if the 3rd party gets compromised, even if no-one else actually gained access to your server.
Google have plenty of resources, and one would presume that they'd be able to prevent something like this.
http://dnssec-debugger.verisignlabs.com/google.com.my
http://dnssec-debugger.verisignlabs.com/google.my
(arguably not all resolvers support or validate DNSSEC, but not implementing it in the first place certainly doesn't help)
(2013-10-13, 08:19 AM)�?�?�?�?� Wrote: [ -> ]DNS poisoning is a very valid attack - don't downplay it. No, their actual servers weren't breached, but just like DOS attacks, it doesn't always need to be.
When you rely on a 3rd party, you take on the risks associated with it. Whether you use a CDN, Cloudflare or any other external script, you risk being compromised if the 3rd party gets compromised, even if no-one else actually gained access to your server.
Google have plenty of resources, and one would presume that they'd be able to prevent something like this.
http://dnssec-debugger.verisignlabs.com/google.com.my
http://dnssec-debugger.verisignlabs.com/google.my
(arguably not all resolvers support or validate DNSSEC, but not implementing it in the first place certainly doesn't help)
I highly doubt their priority were Google Malaysia servers, but nonetheless, they still were not hacked, their provider was.
(2013-10-13, 12:08 PM)Riad C. Wrote: [ -> ]I highly doubt their priority were Google Malaysia servers, but nonetheless, they still were not hacked, their provider was.
You're seemingly contradictory there, like, why would they need to "prioritise" the servers if they never got "hacked"?
Regardless of what you meant, in the end of the day, they were successfully attacked with a well known attack - something that could have been mitigated had they been a little more diligent.
(2013-10-14, 10:27 PM)�?�?�?�?� Wrote: [ -> ] (2013-10-13, 12:08 PM)Riad C. Wrote: [ -> ]I highly doubt their priority were Google Malaysia servers, but nonetheless, they still were not hacked, their provider was.
You're seemingly contradictory there, like, why would they need to "prioritise" the servers if they never got "hacked"?
Regardless of what you meant, in the end of the day, they were successfully attacked with a well known attack - something that could have been mitigated had they been a little more diligent.
I think he meant the google servers would not have been given priority by the ISP just because it's google.