The Hacker News Logo
Subscribe to Newsletter

Algerian Hacker hijack Romanian Google and Yahoo Domain

Algerian Hacker today hijack DNS Yahoo, Microsoft or Google and Paypal redirect users to a deface page. Credit being taken by Hacker going by name MCA-CRB, a serial website defacer.

MCA-CRB is a prolific online graffiti artist who has defaced at least 5,000 sites, according to records kept by Zone-H. After Hijacking both domains resolve to an IP address located in the Netherlands,” at 95.128.3.172 (server1.joomlapartner.nl).

When we heard about this incident, we were pretty skeptical about the attack. A site such as Google’s can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack,” said Stefan Tanase from Kaspersky Lab Romania.

"All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page," Tanase said.

Google Romania also explained it was a domain issue and the company is currently investigating the issue with the organization responsible for managing domain names in Romania, Romania Top Level Domain.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.