
Answered Question

 
M$1 April 26, 2009 08:52 AM

Google Puerto Rico (www.google.com.pr) got hacked. How do you think they did it?

 
 

Best Answer  Chosen by Asker

 
April 26, 2009 12:11 PM
It's the Peace Crew, formerly known as Terrorist Crew, a group of politically motivated hackers supporting the Palestinian cause, who recently defaced the Microsoft New Zealand sites. Earlier this year, they attacked a number of NATO and US military websites.

The principal Peace Crew character is a hacker known as Agd_Scorp, allegedly of Turkish origin. Other prominent members are rx5 and Cr@zy_King.

I don't know just how exactly they went about this hack, but it seems to have something to do with modifying the DNS records of the hacked domains, which in effect redirects prospective visitors to a site designed by the hackers. This particular exploit is known as "SQL Injection vulnerability".
Source(s):
Microsoft NZ Hack:
http://w0rm.us/tag/peace-crew
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=1...

NATO Hack:
http://news.softpedia.com/news/Palestinian-Supporters-Hack-NATO-and-U-S-Arm...

DNS Record Types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types

SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection

 
 
 
April 26, 2009 12:36 PM
Or: Translation -- they didn't actually break into the Google server itself, but rather into the DNS/name server, which is handled by an external company, apparently.

 
 
 
April 26, 2009 02:01 PM
@emmess - that's right, they didn't need to break into Google servers to achieve what they were up to.

The same goes for their Microsoft New Zealand hack: the actual servers hacked were not Microsoft's, but belonged to an external "handler".

 
 
 
April 26, 2009 06:06 PM
Thanks for the very thorough and informative answer!

 
 

Other Answers (5)

cjd
 
April 26, 2009 10:35 AM
Hi there,

Looks like it is back up (Google Puerto Rico).

It could very well have been a member of staff at Google Puerto Rico that had hacked Google - but hackings have happened before.

Often it is a DNS problem and would just redirect to a new website. For example, the "SoGo" search incident.

http://gigaom.com/2005/05/07/google-hacked/


Tip cjd for this answer
 
 
 
April 26, 2009 03:47 PM
Well, personally, I think that Google has gotten a bit too confident with themselves in their internet security. They have not updated their server security recently and, being a hacker myself, I can say that hacking technologies are evolving much faster than the internet giant, Google. Once hackers get even the slightest bit of information on any servers, most of the hackers can hack them.


Tip acamela for this answer
 
 
 
April 26, 2009 04:55 PM
I think they did it with a particular ISP (OneLink) in PR. I don't think that it has to do with Google security itself, as acamela said.

Here is the list of mirrors if you want to see the defaced pages:

google.com.pr
http://www.zone-h.org/mirror/id/8803153

yahoo.com.pr
http://www.zone-h.org/mirror/id/8803181

msn.pr
http://www.zone-h.org/mirror/id/8803172

microsoft.com.pr
http://www.zone-h.org/mirror/id/8803165

hotmail.com.pr
http://www.zone-h.org/mirror/id/8803166


Tip ericfortis for this answer
 
 
 
April 26, 2009 05:53 PM
Oh wow. So it was more than just Google. I guess what they did was pretty easy then.

 
 
 
April 26, 2009 06:20 PM
Well, the hack complexity is technically the same for impersonating one record or a bunch of them. To put their (the hackers') workaround in perspective, we can make a security guard analogous to DNS, and a person analogous to a Google visitor. The person asks the guard for directions to get to a specific building. Now some of the possible scenarios:
A. The hacker changed the security guard's list with the building addresses.
B. There is another security guard providing incorrect directions, racing with the legitimate guard.

 
 
 
April 26, 2009 07:49 PM
I'm on DSL and I can't access Google.com.pr either.

 
 
 
April 26, 2009 11:05 PM
It appears that the hackers got into the administration panel of a big registrar company (Domainz.net) by SQL injection and were able to change the records to point to another web server.
Here is the list of the sites they defaced in PR (source: zone-h)

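The two scenarios in the guard analogy above (records changed at the source versus a second responder racing the legitimate one) leave different traces that a monitor can tell apart. The following is an added example, not part of the original thread: it compares answers from several vantage points against a pinned baseline, and every name, address and vantage-point label in it is a constructed placeholder.

```python
# Added example: constructed data, not records from the incident.
# Baseline: addresses each monitored name is expected to resolve to
# (placeholder names; RFC 5737 documentation addresses).
BASELINE = {
    "www.example.pr": {"192.0.2.10", "192.0.2.11"},
    "mail.example.pr": {"192.0.2.20"},
    "shop.example.pr": {"192.0.2.30"},
}

# Answers seen per vantage point. "authoritative" is assumed to mean the
# answer obtained by following the delegation down from the TLD servers,
# so a changed delegation at the registrar shows up there as well.
OBSERVATIONS = {
    "www.example.pr": {"authoritative": {"203.0.113.66"},
                       "resolver-a": {"203.0.113.66"},
                       "resolver-b": {"203.0.113.66"}},
    "mail.example.pr": {"authoritative": {"192.0.2.20"},
                        "resolver-a": {"192.0.2.20"},
                        "resolver-b": {"198.51.100.99"}},
    "shop.example.pr": {"authoritative": {"192.0.2.30"},
                        "resolver-a": {"192.0.2.30"},
                        "resolver-b": set()},  # timeout / empty answer
}

def classify(answers, expected):
    """Return (verdict, offending vantage points) for one name."""
    wrong = sorted(src for src, ips in answers.items()
                   if ips and not ips <= expected)
    silent = sorted(src for src, ips in answers.items() if not ips)
    if "authoritative" in wrong:
        # Scenario A: the guard's own list was changed at the source.
        return "authoritative-changed", wrong
    if wrong:
        # Scenario B: the source is intact, a resolver hands out other data.
        return "resolver-divergence", wrong
    if silent:
        return "no-answer", silent
    return "ok", []

def audit(observations, baseline):
    """Classify every monitored name; names without a baseline are skipped."""
    return {name: classify(answers, baseline[name])
            for name, answers in observations.items() if name in baseline}

if __name__ == "__main__":
    for name, (verdict, sources) in audit(OBSERVATIONS, BASELINE).items():
        print(f"{name}: {verdict} {sources}")
```

An `authoritative-changed` verdict can also come from a legitimate record update, so the baseline has to be maintained alongside planned changes.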
 
 
 
April 27, 2009 07:31 AM
This is a serious issue. The phishing possibilities of an attack like this are insane.
Source(s):
http://en.wikipedia.org/wiki/Phishing


Tip sysaaron for this answer
 
 
 
April 29, 2009 01:48 PM
If it was a DNS attack, here's likely what was used, which somehow replicated to other DNS servers.

Steve Gibson's most recent discussion of DNS spoofability (transcript):
http://www.grc.com/sn/sn-157.htm

Steve Gibson's DNS Spoofability test site:
https://www.grc.com/dns/dns.htm
Source(s):
http://www.grc.com/sn/sn-157.htm


Tip dward for this answer