ED#195 : No, Google Malaysia Didn't Get Hacked
This morning, Malaysians were treated to a shocking sight when they got down to serious work after breakfast and some Facebook time. Instead of a simple Google page showing a cowboy on a galloping horse, it showed a black page claiming that Google Malaysia had been hacked by TiGER-M@TE, with the hashtag #Bangladeshi HackeR.
Despite the bold claim, TiGER-M@TE did not actually hack Google Malaysia. Rather, they hacked MYNIC Berhad, the Malaysian agency in charge of administering the .my domain name.
Once they gained access to MYNIC's system, they merely changed the nameserver setting for google.com.my to point to 82.165.130.208 (s16013830.onlinehome-server.info), which is a server they control or had earlier hacked to display the black greeting page.
That's why even Yahoo Malaysia was affected but displayed the same page. If this was a genuine hack, they would have used a different page for Yahoo Malaysia, and they wouldn't have needed to redirect Google and Yahoo users to that server, which is incidentally located in Germany.
That said, it was still a significant attack because it took several hours before Google Malaysia was able to redirect users to their own servers. During that time, users either had to know enough to manually use an alternate Google address like google.com.sg or switch to a different search engine like Bing.
At the time we wrote this, Yahoo Malaysia was still pointing to the German server, more than 8 hours since we first noticed the problem.
Heads should roll in MYNIC since this isn't the first time hackers have gained access to their systems and redirected users through DNS poisoning / spoofing. But then again, it's Malaysia... This isn't the first time, and it won't be the last time. Malaysia boleh!
How to give Adobe Photoshop a performance boost with your GPU
If you like this article, please share it! -> |
MYNIC Responds
MYNIC has issued a press release on their successful resolution of this security breach "within 24 hours". Interesting to note that they are only now starting to implement a Two Factor Authentication (2FA) verification process. The 2FA process should have been part of their security protocol long ago!
How to integrate cloud storage services with Microsoft Office 2013 and Office 365
If you like this article, please share it! -> |
Other Scoops
- What to do if you destroyed your Apple iPhone?
- Samsung Galaxy S6 & S6 Edge Launch Date & Prices
- HTC To Provide Free Accidental Damage Warranty For The HTC One M9!
- Pre-Order Record For Samsung GALAXY S6 & S6 Edge & Other Updates
- Apple iPhone 6 Copy Corruption Bug
- Experiencing The Samsung Gear S Smartwatch
- The New TrueCrypt - VeraCrypt Or CipherShed?
- #Bendgate Isn't New But It Could Finally Change The Industry For The Better
If you have a scoop you want to share with us, just contact us! It doesn't have to be Apple-related. It can be anything in the tech industry, from mobile phones to P2P software. Just drop us a message!
Support Tech ARP!
If you like our work, you can help support out work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!
Support us by buying from Amazon.com! |
|
Grab a FREE 30-day trial of Amazon Prime for free shipping, instant access to 40,000 movies and TV episodes and the Kindle Owners' Lending Library! |
Questions & Comments
If you have a question or comment on this editorial, please feel free to post them here!
Date |
Revision |
Revision History |
14-04-2015 | 1.0 |
Initial Release. |