Hundreds of Pakistan websites have been taken down or defaced today, allegedly by the Turkish hacker group Eboz. According to eHacking News almost 300 sites have been affected including the Pakistan Google, Microsoft, Apple, and even EBay.
This is interesting news as earlier in the week a Pakistan hacker group took down many of the Israeli versions of the same sites.
Many websites were defaced with this message that could still be seen on EBay.pk when this article was created:
While others just seemed to be offline, like this screenshot from Google.pk:
And the Pakistani Microsoft site:
Again like the Israeli websites that were defaced, it seems that DNS servers have been hacked in this case as well. Sending some quick pings out to several of the affected sites returned the local loopback address of 127.0.0.1:
This address is used to connect to your local machine and would never be assigned to a live website. Or possibly the address may have been temporarily changed to stop incoming attacks.
And according to TechCrunch, the Pakistani TLD looks to have been compromised in this attack:
“The root of today’s attack, it seems, came via a breach of Pakistan’s TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected organizations via PKNIC’s look up, it appears that all the sites are now redirecting to two nameservers, dns1.freehostia.com and dns2.freehostia.com.”
Hacking DNS servers seems to be the new trend with Hacktivists. And is actually a much more worrisome attack than just defacing a random webpage, as the hacker controls what website the visitor will be sent to.
We will release more information as we hear about it.