Cheeky French hackers hijack Tata website
Now you see it, maintenant... non
Top-flight outsourcing firm Tata Consulting Services appeared to have lost control of its website to hackers today, with the domain apparently being touted for sale.
The Washington Post reported that the site had fallen prey to a DNS hijack over the weekend.
A report in Times of India this morning said that hackers had changed the domain name, but that the company had successfully restored the site.
However, as of half three today, from where we were sitting the site was still showing the "for sale" notice, in both French and English, suggesting Tata's fix had not taken.
The Post's report, which was sourced from TechCrunch, noted that some commenters seemed to be seeing a restored site, while others were seeing the hacked version.
All the reports we've seen note TCS's credentials as a supplier of security services.
We called Tata's office in London to see if staff there could throw any light on the matter. They have yet to call back. ®
Tech Writing Fail
So The Reg no longer bothers to know about simple things like DNS propagation taking time because of caching?
tcs.com was NOT hacked....
please guys, I expected better from you lot...
[Disclaimer: I'm an employee of TCS, though naturally I'm posting this in my personal capacity]
tcs.com was NOT hacked yesterday. What did happen was that the DNS records that supply the IP were reset to some other IP.
Whether that was done by actually hacking netsol or by social engineering a valid change request I do not know.
I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.
I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms; don't ask, heh heh!], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].
In both instances, it would have taken a few hours for the bad data to expire from DNS caches. Depending on who your DNS provider is, you may have seen it "come back" at different times. If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back.
At this point in time I am still receiving reports of other DNS servers still showing the bad data. Just tell them to purge their DNS caches if you know them, or switch to OpenDNS. They've got the right stuff, and have had it a lot longer than the chocolate factory's DNS :)
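The caching behaviour described in the comment above, as an added example that is not part of the article or the commenter's post: a small simulation of resolvers that cache an answer for a fixed TTL while the authoritative record is changed and later restored. The IP addresses, the 240-minute TTL and the timeline in minutes are constructed assumptions; the page only says the bad data took "a few hours" to expire.

```python
GOOD_IP = "192.0.2.10"    # constructed (RFC 5737 documentation range)
BAD_IP = "203.0.113.66"   # constructed (RFC 5737 documentation range)
TTL = 240                 # minutes; assumed, the page only says "a few hours"

# Authoritative answer over time, in minutes relative to the record change.
# Constructed timeline: record changed at 0, restored at 660.
TIMELINE = [(-10_000, GOOD_IP), (0, BAD_IP), (660, GOOD_IP)]


def authoritative(t):
    """Return the answer the authoritative server gives at minute t."""
    answer = TIMELINE[0][1]
    for start, ip in TIMELINE:
        if t >= start:
            answer = ip
    return answer


class CachingResolver:
    """Hypothetical recursive resolver holding one cached record."""

    def __init__(self, ttl=TTL):
        self.ttl = ttl
        self.cached = None  # (ip, expires_at) or None

    def resolve(self, t):
        # Serve from cache until the TTL runs out, then ask upstream again.
        if self.cached and t < self.cached[1]:
            return self.cached[0]
        ip = authoritative(t)
        self.cached = (ip, t + self.ttl)
        return ip

    def purge(self):
        """Manual cache flush, as suggested in the comment."""
        self.cached = None


def view_at(query_times, check_time, purge_before_check=False):
    """What a resolver with this query history answers at check_time."""
    resolver = CachingResolver()
    for t in query_times:
        resolver.resolve(t)
    if purge_before_check:
        resolver.purge()
    return resolver.resolve(check_time)
```

Two resolvers checked at the same minute disagree purely because of when each last refreshed its cache, which matches readers seeing the restored and the "for sale" versions simultaneously.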
Tata for now!
Web'll be back soon.