Google ‘hack’: Malaysian domain register MYNIC breached again
By Digital News Asia April 15, 2015
- Yahoo also affected by unauthorised modifications at the DNS level
- MYNIC has implemented Two-Factor Authentication, looking into other measures
MALAYSIAN domain registrar MYNIC Bhd has confirmed that there were unauthorised modifications at its Domain Name Server (DNS) for several major websites, including Google Malaysia and Yahoo Malaysia, on April 14.
“Our initial investigations found that the redirections were done through unauthorised modifications at the DNS level,” chief executive officer Hasnul Fadhly Hasan said in a statement.
“Our team is now taking all necessary measures to monitor the situation and prevent further issues. We can assure that customer data was not affected by [the] incident,” he added.
READ ALSO: Cloud and security, and the changing Asian approach
MYNIC said it is collaborating closely with the Malaysian Communications and Multimedia Commission (MCMC) to resolve the issue.
Some Internet users may still see the affected pages within 24 hours due to the way DNS works, it added.
Social media networks in Malaysia were abuzz early April 14, with many people erroneously reporting that the Google Malaysia website had been hacked. The Malay Mail Online, however, reported the possibility of a DNS redirect.
This is not the first time MYNIC’s servers have been breached. The most widespread attack was in 2012, affecting the Malaysian websites of multinationals such as Dell, Microsoft, MSN, Skype, Bing, Kaspersky, YouTube, and Google, the last a perennial favourite.
This was followed by another attack in 2013, this time affecting the Google Malaysia website only.
MYNIC is an agency under the Ministry of Communications and Multimedia Malaysia, and is supposed to be regulated by the MCMC. It is the sole administrator for web addresses that end with the ‘.my’ suffix in Malaysia.
“As part of our ongoing efforts to safeguard domain names and improve the security, we have introduced a second layer of identity verification called Two-Factor Authentication (2FA),” Hasnul said.
“This will ensure only the right authorised person is receiving the access code and able to change domain name records. Moving forward, we’re also looking to further enhance other layers of DNS validation to ensure end-to-end protection,” he added.
When the media, including DNA, let down readers
Malaysian sites hit by DNS poisoning
Malaysia’s domain registrar MYNIC breached … again
Freenom launches .ml domain in Malaysia, expects business to boom
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.