Last night just before midnight, I noticed someone tweeting that msn.co.nz had been hacked. Obviously such a high-profile domain is an attractive target for hackers and hacktivists alike, but it is relatively rare that they are successful, so I quickly tapped the link into my browser and went to take a look.
Sure enough, this is what I see:
The picture of Bill Gates was taken after French anarchist Paul Godin chucked a custard pie at Mr Gates in April of 1998. The text below the image read:
“Aaaare youuuu Hackeeeed !!
by Agd_Scorp – rx5 – Cr@zy_King
JeXToXiC, , 4R!F, KacaK, BLAsteR, Cebrail, AmeN
Zec, TheHacker, ZeberuS, s3f4, Frabiyy, NetRoot, Suskun
PAKbugs Crew Friends :Zombie_KSA, spo0fer, xOOmxOOm
STOP THE WAR ISRAEL”
It appeared to be a simple case, albeit a relatively high-profile one, of hacktivism. The compromised site wasn’t redirecting to any malicious code, so I informed my colleagues in New Zealand so they could let MSN know, and went off to bed.
Looking at a zone-h article this morning, it seems it was a little more extensive than it at first appeared. The machine that was actually compromised (via a SQL injection) belonged to the registrar domainz.net and the hacktivists were able to redirect several company websites (including Microsoft Hotmail & MSN, Coca-Cola, Xerox, F-Secure & Bitdefender) to the server with the defaced pages.
When it comes to attacking high-profile targets, the registrar can often be the chink in the security armour. In fact, zone-h notes that registrars have been “one of the main aims of the past months”.
If attacks like this can be said to serve any purpose at all, then perhaps they can serve as a reminder that we all need to absolutely ensure that our business partners meet our own high security standards, and that stands in both the on and offline worlds.