Turkish hackers have managed to break into New Zealand domain registrar Domainz.net, redirecting unsuspecting surfers to defaced versions of popular websites by changing DNS records.
Websites such as www.hsbc.co.nz, www.sony.co.nz, coca-cola.co.nz, www.xerox.co.nz, www.msn.co.nz, www.microsoft.co.nz and hotmail.co.nz as well as security vendors www.f-secure.co.nz and www.bitdefender.co.nz had their traffic redirected to third party servers containing a defaced page after hackers took advantage of an SQL Injection attack.
In the case of the Microsoft site, the usual webpage was replaced with an image of Bill Gates being on the receiving end of a custard pie. (Funnily enough, this isn’t the first time the image has been used by hackers.)
The hackers responsible for the attack are believed to members of the Turkish “Peace Crew” defacement gang.
You can’t help but feel sorry for the innocent companies affected by this attack. It’s not as though they did anything wrong in terms of security – the attack was against the domain registrar looking after their internet records. Rival domain registrars would be wise not to feel too smug at Domainz.net’s misfortune, but asking themselves urgently if they might be vulnerable to similar attacks.