The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: hijack DNS

Global Internet Authority ICANN Has Been Hacked

Global Internet Authority ICANN Has Been Hacked

December 18, 2014Swati Khandelwal
The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown attackers that allowed them to gain administrative access to some of the organization's systems, the organization confirmed. The attackers used " spear phishing " campaign to target sensitive systems operated by ICANN and sent spoofed emails disguised as internal ICANN communications to its staff members. The link in the emails took the staff to bogus login page, where they provided their usernames and passwords with the keys to their work email accounts. The data breach began in late November 2014 and was discovered a week later, ICANN, which oversees the Internet's address system, said in a release published Tuesday. ICANN is the organization that manages the global top-level domain system. " We believe a 'spear phishing' attack was initiated in late November 2014 ," Tuesday's press release stated. " It involved email messages that we
Algerian Hacker hijack Romanian Google and Yahoo Domain

Algerian Hacker hijack Romanian Google and Yahoo Domain

November 28, 2012Mohit Kumar
Algerian Hacker today hijack DNS Yahoo, Microsoft or Google and Paypal redirect users to a deface page. Credit being taken by Hacker going by name MCA-CRB , a serial website defacer. MCA-CRB is a prolific online graffiti artist who has defaced at least 5,000 sites, according to records kept by Zone-H. After Hijacking both domains resolve to an IP address located in the Netherlands," at 95.128.3.172 (server1.joomlapartner.nl). " When we heard about this incident, we were pretty skeptical about the attack. A site such as Google's can be theoretically hacked, but it is very unlikely. Then we noticed that both domains were directed to an IP address in the Netherlands […], so it seemed more like a DNS poisoning attack ," said Stefan Tanase from Kaspersky Lab Romania. " All we know is that Google's public DNS servers (8.8.8.8 and 8.8.4.4) were resolving requests for google.ro and other major .RO websites to the IP address hosting the defacement page ," Tanase said. Google
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.