Google Indonesia was Hacked earlier today and left defaced for hours.What is DNS Poisoning?How long the Website was left defaced?
MaDLeeTs are known for attacks like these targeting the search giant Google, only last year in October they had hijacked Google Malaysia using a similar same method.
What is DNS Poisoning?
DNS spoofing (or DNS cache poisoning) is a hacking attack, whereby data is introduced into a Domain Name System (DNS) name server’s cache database, causing the name server to return an incorrect IP address, diverting traffic to another website. Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP). which are deployed to improve resolution response performance by caching previously obtained query results Attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls, thus redirecting the traffic to his own deface page. In this case it is believed that the DNS spoofing led the Google Indonesia users to another IP which carried the MaDLeeTs defaced page which Techworm believes to be https://167.114.12.10/.
How long the Website was left defaced?
While it is not clear for how long the website was left defaced, but reports suggest that the attack continued for hours, Team MaDLeeTs also changed the earlier deface page planted after 2 hours with a new one. [!]Struck by 1337, Security is just an Illusion message on the deface page read. The website has been restored back to normal now, but it is still unclear if the domain registrant was breached by the hacker, and if the they still have control over it and we may see such kind of attacks in future. Update (only on Techworm: One of the team members from MaDLeets has confirmed to Techworm that they were able to hack into the official Domain Registrar of Indonesia (https://www.pandi.or.id/) . Using the Domain Registrar hack, they updated domain name servers. A screenshot taken by the hackers from the NIC Indonesia with controls to Google Indonesia domain panel can be seen below :
