MSN NZ HACKED


Wow long time no post…
Today whilst opening up the default MSN homepage in I.E I was stunned to find that it had been hacked by “Peace Crew”.
I asked Nathan Mercer at MSFT what the story was and apparently the Hijackers stole the DNS entry from their registrar and redirected.
Windows Server had no part to play in this incident the attackers simply took the site down at a higher level. Looks like not everyone is immune to hackers then huh.
An output of their DNS entries shows:
name | class | type | data | time to live | |||||||||||||||
msn.co.nz | IN | MX |
|
14400s | (04:00:00) | ||||||||||||||
msn.co.nz | IN | SOA |
|
86400s | (1.00:00:00) | ||||||||||||||
msn.co.nz | IN | NS | fatih1.turkguvenligi.info | 86400s | (1.00:00:00) | ||||||||||||||
msn.co.nz | IN | NS | fatih2.turkguvenligi.info | 86400s | (1.00:00:00) | ||||||||||||||
msn.co.nz | IN | A | 95.211.11.163 | 14400s | (04:00:00) |
Edit: Appears to be fixed now 😉
Edit2: Looks like they took over a raft of New Zealand websites including WindowsLive.co.nz, MSN.co.nz, Microsoft.co.nz, Hotmail.co.nz, Live.co.nz next to HSBC.co.nz, Sony.co.nz, Coca-Cola.co.nz, Xerox.co.nz, Fanta.co.nz, F-Secure.co.nz and BitDefender.co.nz. (http://blogs.zdnet.com/security/?p=3185)
Posted in MS News | 1 Comment »
April 21st, 2009 at 4:28 pm
[…] members of the Peace Crew used fatih1.turkguvenligi .info and fatih2.turkguvenligi .info as primary DNS servers delivering the defaced pages, and making it look like the sites themselves have been […]