DNS attacks in Malaysia inaccurately reported as victim websites themselves having been hacked
Such misinformation only emboldens hacker groups into targeting easier prey for better publicity
THERE’S that old saying, about no matter how tight your mosquito net is, one always gets through the mesh.
It is stuff like this that keeps information security professionals up at night: No matter how secure a system is, a skilful enough hacker, with the time and resources on hand, will generally be able to break through.
The point, some would say, is to make it not worth his or her while, so that the hacker would go on and pick on less troublesome targets.
No defence is 100% impenetrable, so I can sympathise with organisations that are the victims of hacking attacks.
However, what I find hard to sympathise with is obfuscation or a reluctance to disclose information, in misguided attempts to evade responsibility and accountability, or in the mistaken belief that if they don’t say anything, the press and the public would soon forget about it and move on.
The sad thing is, they’re often right. Case in point: The two attacks this year against the Malaysian domain registrar MYNIC Bhd. In the first, in July, its servers were hacked into -- or, if you want a softer term, ‘compromised.’ In the second, on Oct 11, it said that one of its resellers had been breached.
Both attacks were cases of DNS hijacking or poisoning, which led to search queries for certain websites being redirected to temporary sites deliberately set up to give the false impression that the websites concerned had been hacked.
The July attack was more damning, having affected Dell Malaysia (.com.my), all Microsoft sites on the .my suffix -- notably MSN Malaysia (.com.my), Skype Malaysia (.com.my) and Bing Malaysia (.com.my) -- as well as antivirus site Kaspersky (.com.my), Google Malaysia (.com.my) and YouTube Malaysia (.com.my).
The more recent attack only affected Google search pages in Malaysia.
In neither case were the websites themselves hacked.
And this is where Digital News Asia (DNA), and I personally, failed. After the July attack, we had sent queries to both MYNIC and industry regulator the Malaysian Communications and Multimedia Commission (MCMC) for additional information. While both parties did send us the general statements they had issued to all the media, neither responded to specific questions DNA had asked.
And we let it be. In that, we failed our readers and the Malaysian public, and I apologise. In our mission statement, we say that we intend to act as the Fourth Estate in the ICT ecosystem. Part of that job entails holding the powers-that-be accountable for their actions, or inaction.
To do that, we have to be more dogged and persistent, and when required, pesky. Better to piss off some people who probably deserve it, rather than to fail our readers who don’t.
And we’re all paying for it now. Why? Because one of the specific follow-ups we asked the MCMC was to get it to clearly state that none of the websites in the July attack had been hacked, and that the fault and breach lay only with MYNIC.
Why were we being so anal about it? Because many websites kept reporting that these websites had been hacked, even after the first DNA report had clarified the matter, and even after the general statements issued by MYNIC and the MCMC. Many blogs and social media feeds kept inadvertently spreading this misinformation.
Indeed, one Malaysian mainstream news portal even ran a follow-up the next day, stating that the administrators had ‘apparently fixed’ their websites – completely ignoring the MCMC’s obtuse statement that the domain registrar had been the one breached, not the websites.
Indeed, a line was even inserted about how Google Malaysia had denied its website had been hacked – in a manner that implied the search giant was playing the usual public relations game of denial.
The same thing happened again in the October attack, although this time two respected US-based tech blogs broke the news first, as far as I know. Unfortunately, in both cases, it was first reported that Google Malaysia had been hacked – later updates noted it was a DNS hijack, but the text still contains references to Google having been hacked.
I guess ‘Google Malaysia hacked’ has a sexier cadence than ‘Some domain name registrar in some developing country hacked.’
The only ones who got it right were DNA and The Star Online, whose Tan Kit Hoong was in fact the first journalist in Malaysia to break the story. [Full disclosure: Tan is a former colleague of mine at The Star].
So what has all this misinformation got us? It has emboldened such hackers because now they know they can break into a small country’s domain name registrar, and get all the false publicity of having brought down multinationals.
Isn’t it about time our authorities set the record straight?