Romanian Versions of Google, Yahoo Homepages Defaced by Algerian Hacker
Earlier today, visitors to the Romanian Google and Yahoo search pages were redirected to a defacement page. The page was up for more than one hour but is now fixed.
Preliminary investigation reveals that neither Google's nor Yahoo's servers have been hacked or otherwise compromised. Instead, the attackers changed the DNS records for the domains so that the domain names pointed to a server in the Netherlands, which was probably hacked as well.
This appears to be the work of the same hackers who breached Pakistan’s most popular web services a couple of days ago. However, while the motivation was strictly political in Pakistan, the attackers did not provide any clue about the reason they attacked the Romanian services. The troubled state of society in the Middle East has given birth to a number of responses from digital activist groups that end up attacking popular websites and dragging in innocent users as collateral damage.
If you visited the affected websites while they were compromised, you are strongly advised to flush your DNS cache by typing ‘ipconfig /flushdns’ in Windows, ‘rndc flushname google.ro’ in Linux or Unix and ‘dscacheutil -flushcache’ in Mac OS X.
It appears that the rogue IP was somehow snuck into the RoTLD DNS system, which led to it being announced to all caching DNS servers of ISPs. What is extremely important is the fact that the IP was also cached by Google’s DNS service (18.104.22.168 and 22.214.171.124). Some Internet service providers have already renewed their DNS cache for google.ro, while others are still serving the poisoned results.
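The uneven recovery described above, where some resolvers have refreshed their cache and others still serve the rogue record, can be tracked by comparing each resolver's cached answer with the networks the site is known to use. The following is an added example, not part of the original article; the resolver labels, the name portal.example, the addresses (documentation ranges) and the expected network are all constructed assumptions.

```python
import ipaddress

# Constructed sample: "resolver name ttl IN A address" lines, as a monitoring
# job might collect them from several recursive resolvers (not real data).
SAMPLE = """\
isp-a portal.example. 212 IN A 203.0.113.45
isp-b portal.example. 300 IN A 192.0.2.10
isp-c portal.example. 3187 IN A 203.0.113.45
public-1 portal.example. 41 IN A 192.0.2.11
"""

# Assumption: the operator knows which networks legitimately host the site.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_answers(text):
    """Yield (resolver, name, ttl, address) from the collected lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[3:5] != ["IN", "A"]:
            continue  # skip anything that is not an A record answer
        resolver, name, ttl, _, _, addr = fields
        yield resolver, name.rstrip(".").lower(), int(ttl), ipaddress.ip_address(addr)


def find_poisoned(text, expected_nets=EXPECTED_NETS):
    """Return {resolver: (address, ttl)} for answers outside the expected networks."""
    bad = {}
    for resolver, _name, ttl, addr in parse_answers(text):
        if not any(addr in net for net in expected_nets):
            bad[resolver] = (str(addr), ttl)
    return bad


def worst_case_exposure(poisoned):
    """Seconds until the last poisoned cache entry expires on its own."""
    return max((ttl for _addr, ttl in poisoned.values()), default=0)


if __name__ == "__main__":
    poisoned = find_poisoned(SAMPLE)
    for resolver, (addr, ttl) in sorted(poisoned.items()):
        print(f"{resolver}: serving {addr}, cached for another {ttl}s")
    print("all caches clean in at most", worst_case_exposure(poisoned), "s")
```

The remaining TTL on a poisoned answer is how long that resolver keeps handing out the rogue address after the registry record has been corrected, unless its operator flushes the cache.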