Dot RO domains being targeted by Hackers
An article by Techcrunch that is currently covering the Google.RO domain site was hacked and had its name servers redirected to a lander page as per the image and article below.
Apparently they have also hacked Yahoo.ro and Paypal.ro but neither has been confirmed…
Do you own any .RO domain names?
Has this happened before in the dot RO domain space?
So how big is the .RO domain space?
According to their wiki page – .ro is the Internet country code top-level domain (ccTLD) for Romania. It is administered by the National Institute for R&D in Informatics. As of December 2007, about 250,000 domains were registered under the .ro domain. In June 2008 there were around 6.8 million Google results for the .ro domain. On July 2009 there were 430,000 .ro domain names.
Looks like Pakistan is not the only place where major internet companies’ domain names can get hacked. This morning, google.ro, was taken over, with the credit being taken by “Algerian Hacker” MCA-CRB, a serial website defacer. The site looked like the picture above for at least an hour, according to our tipster. It still looked like this when I took the screenshot, although now the site seems to have been taken down altogether. It appears to be showing the hacked page again now.
Softpedia is reporting that the same thing has happened to Yahoo’s site, but the site looks fine to me right now. Paypal.ro is also redirecting to the same page as Google.ro, although Paypal also operates another site at https://www.paypal.com/ro/ that is up.
The text on the hacked site reads: “By MCA-CRB / Algerian Hacker” and gives credit to three names, “all members Sec” — so perhaps in one of the many loose groups of hackers that associate themselves with Anonymous and LulzSec. “S thanks = Mr-AdeL & i-Hmx & Lagripe-Dz All Members Sec,” the page reads.
MCA-DRB is also threatening more. “To Be Continued ….” the site says.
That’s not an empty threat, it seems. MCA-DRB, according to Zone-h’s registry of hacked sites, has been responsible for 5,530 site hacks and defacements to date, with many of them appearing to cover government and public services sites from countries across Asia, Africa, Europe, Australia and the Americas. By comparison, the Zone-h attributes 313 sites to Eboz, not counting the 284 from over the weekend.
Interestingly, this doesn’t seem to be happening everywhere. My colleague Drew sent me the screenshot for Google.ro from his computer in California and it seems to look like business as usual:
And it doesn’t seem to be following the same form as this weekend’s defacement exercise in Pakistan, where 284 sites were taken down by a hacker called Eboz. That attack appeared to have to do with the infiltration of the country’s domain registry PKNIC, where all of the affected domain name servers were redirected to servers hosted by Freehostia. But according to current checks on Google.ro, the site is still going to Google name servers.
We are reaching out to Google for comment and will update this story.
More to come. Refresh for updates.