DNS poisoning: MYNIC admits servers compromised
By A. Asohan & Gabey Goh July 2, 2013
- Domain registrar’s statement confirms websites had not been hacked
- Industry regulator MCMC and police set up team to investigate
THE registrar for the ‘.my’ top level domain MYNIC Bhd has admitted its servers had been compromised, which led to search queries for certain websites being redirected to temporary sites deliberately set up to give the false impression that the websites concerned had been hacked.
The incident took place on July 1, with Digital News Asia (DNA) confirming that the websites had not been hacked. 'Affected' websites included the local sites of companies like Dell and Microsoft.
Lowyat.NET founder Vijandren Ramadass, who blogged on the issue, was the first to suggest that the MYNIC registry itself may have been compromised.
When DNA approached MYNIC for information, we were directed to a statement posted on its website, saying that it had “discovered some problems with our system which had resulted in an unauthorised change in some of the domain name server information, without the permission of [the] original registrant (owner of domain name).”
“This may lead to website redirection as experienced in a few reported cases,” the statement read, adding that the problem was discovered in the morning and the “MYNIC Computer Security Incident Response Team was immediately alerted to resolve the issue.”
“The affected domain names have been restored to their correct information at 4.38 pm today (July 1),” MYNIC said. “At the moment, we are undertaking all necessary measures to monitor the situation and prevent further related issues.”
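The change MYNIC describes, nameserver records altered at the registry without the registrant's knowledge, is the kind of drift a domain owner can catch by comparing the delegation the TLD currently serves against a baseline they control. The following is an added example, not MYNIC's or DNA's code; the domain, nameserver names and dig output are constructed.

```python
import re
from typing import Dict, Set, Tuple

# Constructed baseline: the nameservers the registrant actually configured.
# (Example names only, not from the MYNIC incident.)
BASELINE_NS: Dict[str, Set[str]] = {
    "example.com.my.": {"ns1.example-hosting.net.", "ns2.example-hosting.net."},
}

# Constructed answer section in the format `dig NS example.com.my` prints,
# as if captured from the parent zone after an unauthorised delegation change.
OBSERVED_DIG_OUTPUT = """
example.com.my.    3600  IN  NS  ns1.example-hosting.net.
example.com.my.    3600  IN  NS  ns.attacker-controlled.example.
"""

# owner TTL IN NS target
NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$")


def parse_ns_records(dig_output: str) -> Dict[str, Set[str]]:
    """Collect NS targets per owner name from dig-style answer lines."""
    records: Dict[str, Set[str]] = {}
    for line in dig_output.splitlines():
        m = NS_LINE.match(line.strip())
        if not m:
            continue  # comments, blank lines, other record types
        owner, target = m.group(1).lower(), m.group(2).lower()
        records.setdefault(owner, set()).add(target)
    return records


def delegation_drift(baseline: Dict[str, Set[str]],
                     observed: Dict[str, Set[str]]) -> Dict[str, Tuple[Set[str], Set[str]]]:
    """Return {domain: (unexpected_ns, missing_ns)} for every domain whose
    served delegation differs from the registrant's baseline."""
    drift = {}
    for domain, expected in baseline.items():
        seen = observed.get(domain, set())
        unexpected, missing = seen - expected, expected - seen
        if unexpected or missing:
            drift[domain] = (unexpected, missing)
    return drift


if __name__ == "__main__":
    observed = parse_ns_records(OBSERVED_DIG_OUTPUT)
    for domain, (unexpected, missing) in delegation_drift(BASELINE_NS, observed).items():
        print(f"ALERT {domain}: unexpected NS {sorted(unexpected)}, missing NS {sorted(missing)}")
```

In practice the observed set would come from querying the TLD's authoritative servers directly, so that a poisoned recursive resolver cannot mask a change made at the registry.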
A few news outlets had mistakenly reported the websites had been hacked by a hacker group, known by the handle TiGER-M@TE, protesting the mistreatment of Bangladeshi workers in Malaysia.
The same moniker was behind similar attacks on the Kenyan domain earlier this year, Lowyat.NET’s Vijandren noted in his blog post.
A statement issued late on July 1 by the Malaysian Communications and Multimedia Commission (MCMC) created further confusion, with the industry regulator confirming it had received reports that several websites registered under the ‘.com.my’ domain name “had been compromised.”
“This intrusion raises concern but fortunately, initial steps were swiftly taken to address the suspected intrusion. For now, service to most of the compromised domains has been restored,” said its chairman Mohamed Sharil Tarmizi.
The MCMC said it has been in contact with MYNIC and so far, “preliminary investigations have shown that the compromise was restricted to websites registered under the domain name ‘.com.my’.”
Sharil also said that the MCMC and the police have set up a team to investigate the incident.