Puerto Rico sites redirected in DNS attack
Visitors to Google.pr, Microsoft.com.pr, Yahoo.com.pr, and others saw defaced sites instead of the legitimate sites after an attack on the domain name system in Puerto Rico this weekend.
An attack on the main domain name system registrar in Puerto Rico led to the local Web sites of Google, Microsoft, Yahoo, Coca-Cola, and other big companies being redirected for a few hours on Sunday to sites that were defaced, according to security firm Imperva.
Those sites and others including PayPal, Nike, Dell, and Nokia, were redirected to sites that were black except for messages in hacker lingo saying that the sites had been hacked. However, the sites themselves were not hacked, Amichai Shulman, chief technology officer at Imperva, said on Monday.
A group calling itself the "Peace Crew" claimed that they used a SQL injection attack to break into the Puerto Rico registrar's management system, he said. "We're seeing more and more of these DNS-related attacks and seeing them scale up," he added.
While the sites that visitors were redirected to were obviously not the legitimate sites, DNS redirects could be used to send unsuspecting Web surfers to phishing sites pretending to be banks where they would be prompted to provide sensitive information.
People should use the SSL (Secure Sockets Layer) protocol for encrypting communications with sensitive sites and use anti-phishing technology in the browser that colors part of the URL address bar green or red based on the safety level of the site being visited.
Calls to Gauss Research Lab, the organization that manages Puerto Rico's top-level domain, were not answered late on Monday.