Google, Yahoo Among Sites Hit in DNS Attack Targeting Romanian Domains
The DNS attack redirected traffic for several .ro sites, and the incident appears linked to a group behind similar DNS attacks.The Romanian versions of Google and Yahoo were among the sites diverted Nov. 28 after a Domain Name System attack on the Romanian Top-Level Domain Registry (RoTLD). The sites themselves were not hacked. According to security researchers with Romania-based security firm BitDefender, the attack appears to be the work of The Algerian Hacker Group, an organization incorporating almost 200 different teams of hackers that is also targeting DNS systems of other national top-level domains (TLDs). The Romanian hack, BitDefender noted in a blog post, is the fourth incident in the past month, which has also seen DNS attacks on Ireland, Israel and Pakistan TLDs. "[Wednesday's] attack managed to poison DNS cache servers of all Internet Service Providers, including the Google DNS (220.127.116.11 and 18.104.22.168) as these ISPs cache the DNS resolution sent by RoTLD to speed up the resolution process when other similar requests are made," the company explained. "Some ISPs have already flushed their caches, others are still serving rogue resolutions. We are continuously scanning the DNS zones for the Romanian Internet and contacting ISPs individually for mitigating the crisis in the shortest time."
In addition to Google and Yahoo, the other sites affected by the incident are Microsoft.ro, Hotmail.ro, Windows.ro, Kaspersky.ro and paypal.ro, according to Stefan Tanase, senior security researcher at Kaspersky Lab. Before the attack was resolved, the Google and Yahoo domains were resolving to an IP address in the Netherlands.