Looks like Pakistan is not the only place where major internet companies’ domain names can get hijacked. This morning, google.ro, was taken over, with the credit being taken by “Algerian Hacker” MCA-CRB, a serial website defacer. The site looked like the picture above for at least an hour, according to our tipster. It still looked like this when I took the screenshot. It appears to be showing the hacked page again now.
Softpedia is reporting that the same thing has happened to Yahoo’s site, but the site looks fine to me right now. Paypal.ro is also redirecting to the same page as Google.ro, although Paypal also operates another site at https://www.paypal.com/ro/ that is up.
The text on the hacked site reads: “By MCA-CRB / Algerian Hacker” and gives credit to three names, “all members Sec” — so perhaps in one of the many loose groups of hackers that associate themselves with Anonymous and LulzSec. “S thanks = Mr-AdeL & i-Hmx & Lagripe-Dz All Members Sec,” the page reads.
MCA-DRB is also threatening more. “To Be Continued ….” the site says.
That’s not an empty threat, it seems. MCA-DRB, according to Zone-h’s registry of hacked sites, has been responsible for 5,530 site hacks and defacements to date, with many of them appearing to cover government and public services sites from countries across Asia, Africa, Europe, Australia and the Americas. By comparison, the Zone-h attributes 313 sites to Eboz, not counting the 284 from over the weekend.
And it doesn’t seem to be following the same form as this weekend’s defacement exercise in Pakistan, where 284 sites were taken down by a hacker called Eboz. That attack appeared to have to do with the infiltration of the country’s domain registry PKNIC, where all of the affected domain name servers were redirected to servers hosted by Freehostia. But according to current checks on Google.ro, the site is still going to Google name servers.
We are reaching out to Google for comment and will update this story.
More to come. Refresh for updates.
H/T Marius M.