Turkish DNS Hijackers Highlight Internet Vulnerabilities

On Sunday there were red faces of embarrassment and red faces of anger as Turkish hacker group Turkguvenligi successfully hijacked the DNS records of a string of prominent UK websites. The list of companies affected included Vodafone, UPS, The Daily Telegraph newspaper, online gambling site Betfair and the sarcastic scribes at The Register. The latter reacted exactly as you would expect them to – by blowing raspberries at their provider, NetNames; you can read it here.

Turkguvenligi used an SQL injection (how corny is that?) to get into the DNS panel of two domain name registrars, NetNames and Ascio. Having done that, they picked off some premium domain names and rerouted them via their own DNS servers to an alternate page set up by Turkguvenligi.

If that all sounds like gobbledygook to you, then (1) shame on you – we are living in the age of the internet, and (2) it means the actual websites were untouched, but the internet’s DNS addressing system was corrupted to take users who typed in the right URL to the wrong website. Think of it like the postman delivering all your mail to somebody other than you. You sit there, clueless, wondering why you are not getting any mail any more. Then you discover it all went to some criminal operation instead, which then took advantage of your customers. Sophos gave a slightly more detailed explanation of DNS hijacking, including a screenshot of the page that Turkguvenligi redirected people to; see here.

Fortunately, the Turkish hackers were pranksters, and not mobsters, as was clear from the interview they gave to The Guardian; see here. But the damage could have been far worse. Sending users to the wrong site obviously creates great potential to steal information from unsuspecting members of the public. The internet, and any organization which uses the internet, depends on the security of the DNS system to function properly. Whilst the redirections were reportedly reversed within 3 hours, there is genuine cause for concern if ‘expert’ domain name providers can be hacked like this, especially as the hack was done by a group of jokers who just wanted to publicize themselves. The internet has become a cornerstone for how people and organizations communicate with each other; nobody (but a hacker) wants to see those connections hijacked.
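
Because the redirection described above works by changing which DNS servers a domain is delegated to while the website itself stays untouched, a domain owner can catch it by comparing the nameservers seen in periodic lookups against a recorded baseline. The Python below is an added example, not part of the original article; the domains, nameserver names and observations are constructed, and the lookups are assumed to be collected by a separate job.

```python
"""Detect nameserver delegation drift against a recorded baseline."""

# Constructed baseline: the nameserver set each domain is expected to use.
BASELINE = {
    "brand.example": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
    "shop.example": {"ns1.dns-provider.example", "ns2.dns-provider.example"},
}

# Constructed observations, as if collected from periodic NS lookups.
OBSERVED = [
    ("brand.example", ["NS1.dns-provider.example.", "ns2.dns-provider.example."]),
    ("shop.example", ["ns1.unknown-host.example.", "ns2.unknown-host.example."]),
    ("brand.example", ["ns1.dns-provider.example.", "ns9.unknown-host.example."]),
    ("new.example", ["ns1.dns-provider.example."]),
]

def normalize(host):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().lower().rstrip(".")

def check_delegation(domain, observed_ns, baseline=BASELINE):
    """Return (status, unexpected, missing) for one observation."""
    expected = baseline.get(normalize(domain))
    seen = {normalize(h) for h in observed_ns}
    if expected is None:
        return ("no-baseline", sorted(seen), [])
    unexpected = sorted(seen - expected)
    missing = sorted(expected - seen)
    if not unexpected and not missing:
        return ("ok", [], [])
    if unexpected and not (seen & expected):
        # Every expected server is gone: the pattern of a registrar-level change.
        return ("delegation-replaced", unexpected, missing)
    if unexpected:
        return ("unexpected-nameserver", unexpected, missing)
    return ("nameserver-missing", [], missing)

def scan(observations=OBSERVED):
    """Check every observation and keep only the ones that need attention."""
    findings = []
    for domain, ns in observations:
        status, unexpected, missing = check_delegation(domain, ns)
        if status != "ok":
            findings.append((domain, status, unexpected, missing))
    return findings

if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

A "delegation-replaced" finding is the one that matches the incident described here, since the whole nameserver set changed at once.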

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.