DNS hijack hits The Register: All well

NetNames statement

  • alert
  • submit to reddit

Update On early Sunday evening, UK time, The DNS records of many websites, including those of The Register and The Telegraph, were hijacked and redirected to a third party webpage controlled by Turkish hackers.

The Register's website was not breached. And as far as we can tell there was no attempt to penetrate our systems. But we shut down access / services - in other words, anything that requires a password - as a precaution. These are now restored.

Our DNS records were restored to normal after three hours or so. If you still see a defaced page, turning your equipment on and off again may help: there are DNS caches in your browser, OS, routers and at your ISP. Any of these could contain dodgy info.

While we were figuring what was going on, we tried to keep readers informed via our official Twitter account at http://twitter.com/#!/regvulture.

If you're interested, Sophos has a screen grab and explanation of how a DNS hijack works here.

Our provider NetNames has yet to tell us what happened. So we will refer you to zone-h's report.

It appears that the turk­ish attack­ers man­aged to hack into the DNS panel of Net­Names using a SQL injec­tion and mod­ify the con­fig­u­ra­tion of arbi­trary sites, to use their own DNS (ns1​.yumur​tak​abugu​.com and ns2​.yumur​tak​abugu​.com) and redi­rect those web­sites to a defaced page.

The Guardian's Charles Arthur has an interview with the hackers here.


So we were one of a very small number of domains that were redirected, according to an "initial statement" from NetNames, reproduced in full below. To say we are not pleased is an understatement.

At approximately 2100BST on Sunday 4 September 2011 a very small number of customer domains were redirected to an unauthorised domain name server (DNS server). This was done by placing unauthorised re-delegation orders through to the registries via our provisioning system. These orders updated the address of the master DNS servers responsible for serving data for these domains. The rogue name server then served incorrect DNS data to redirect legitimate web traffic intended for customer web sites through to a hacker holding page branded TurkGuvenligi. The unauthorised orders were added by using a SQL injection attack to gain access to a number of our customer accounts.

The illegal changes were reversed quickly to bring service back to the customers impacted and the accounts concerned have been disabled to block any further access to the systems. NetNames considers the security of its systems and the data within to be of paramount importance. While no-one can completely defend against such sustained and concentrated malicious attacks we will continue to review our systems to ensure that we provide our customers a solid, robust and above all secure service.


If you or your friends work at an ISP, do us a favour and update your DNS records. Thanks. ®


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.