Iranian hackers defaced the Turkmenistan (.tm) domains of several large companies yesterday using a DNS poisoning attack. The defaced sites include major properties such as Google, YouTube, Orkut, Gmail, Intel and Xbox. All of the hacked domains are registered at NIC Turkmenistan. The hackers used a SQL injection vulnerability to gain access to the database of the NIC website.
The passwords were stored in the database in plain text, which made it very easy for the hackers to access all the domain panels and change the DNS entries, pointing the websites to a rogue server hosting the defaced page.
As usual, the hackers uploaded a simple HTML page to show that the sites had been defaced by them. The defacement message is shown below.
The defaced domain names include:
- http://www.google.tm
- http://www.youtube.tm
- http://www.xbox.tm
- http://www.gmail.tm
- http://www.msdn.tm
- http://www.officexp.tm
- http://www.windowsvista.tm
- http://www.intel.tm
- http://www.orkut.tm
This is the first attack on NIC websites in 2013. Whatever the case, it strongly points out that many websites still have SQL injection vulnerabilities. The hackers also gained access to DNS records.
You can view the entire data leak here:
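The two weaknesses described above, the injectable query and the plain-text password column, can both be closed in the account-handling code. The following is an added example, not code from the NIC website: the `accounts` schema, the function names and the sample credentials are constructed for illustration, and PBKDF2-HMAC-SHA256 is one reasonable choice of password hash, assumed here.

```python
import hashlib
import hmac
import os
import sqlite3

# Hypothetical schema for a registrar-style domain panel (constructed for this example).
SCHEMA = "CREATE TABLE accounts (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: bytes) -> bytes:
    # Only a salted, slow hash is stored, so a dumped table does not hand
    # out credentials that can be typed straight into the domain panel.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_account(db, username: str, password: str) -> None:
    salt = os.urandom(16)
    # "?" placeholders pass values separately from the SQL text, so user
    # input is never parsed as part of the statement.
    db.execute("INSERT INTO accounts VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))


def verify_login(db, username: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM accounts WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))


def stored_row(db, username: str):
    # What someone reading the table would actually see for this account.
    return db.execute("SELECT username, salt, pw_hash FROM accounts WHERE username = ?",
                      (username,)).fetchone()


def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    create_account(db, "registrant1", "correct horse battery staple")  # constructed sample
    return db


if __name__ == "__main__":
    db = demo()
    print(verify_login(db, "registrant1", "correct horse battery staple"))
    print(verify_login(db, "registrant1' OR '1'='1", "anything"))
```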
http://ha.cker.ir/2013/01/data-leakage-from-nic-tm/
Mirrors of the defaced sites can be viewed here:
http://zone-h.com/archive/ip=198.105.216.250
http://append-hc.com/mirror/id/66204