.pk registrar hacked, Pakistani sites for Google, MSN, Apple, Ebay redirected (thehackersmedia.blogspot.ro)
24 points by nitochi 4948 days ago
8 comments

So it's a bit of a misleading title, it appears the registrar for .PK is what was hacked, and these are the sites that are now being redirected.

Also, can someone please add spaces after the commas in the title? Thanks! (currently reads Google,MSN,Apple,Ebay)

There are 975 .Pk domains registered by MarkMonitor. google, visa, PayPal, sony, zynga, microsoft, hp all rely on MarkMonitor for their identity in Pakistan. It seems that MarkMonitor's account with pknic was compromised. 110 .PK domains had their name servers changed to freehostia.com recently. All of them registered by MarkMonitor. Here is the list: http://i.com.pk/110-pk-domains-managed-by-markmmonitor-got-h... [note: this list was compiled by me]
So basically they are the ones who got hacked, pknic should be in the headline. MarkMonitor manages a lot of the most important domains worldwide, so I guess pknic got a very angry call.
This is what I'm getting for google.com.pk currently:

  ;; ANSWER SECTION:
  google.com.pk.		3578	IN	A	127.0.0.1

The name server seems to be set to some random one as well:

  ;; AUTHORITY SECTION:
  google.com.pk.		38400	IN	NS	dns1.freehostia.com.
  google.com.pk.		38400	IN	NS	dns2.freehostia.com.

Google normally host their own DNS, so I'd expect that to go ns1.google.com (etc). Doing a whois for google.com.pk returns the address as "Mountain View, Canada" which is kind of amusing.
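
Added example, not part of the thread or any commenter's code: a Python check that reads dig-style record lines like the ones quoted above and flags NS records outside an expected baseline and A records pointing at loopback. The `EXPECTED_NS` baseline and the `example.com.pk` records are assumptions constructed for illustration; the `google.com.pk` records are the ones quoted in the comment above.

```python
import ipaddress

# First three records are the dig lines quoted in the thread; the last two
# are constructed to show what a healthy delegation looks like.
SAMPLE = """\
google.com.pk.   3578   IN  A   127.0.0.1
google.com.pk.   38400  IN  NS  dns1.freehostia.com.
google.com.pk.   38400  IN  NS  dns2.freehostia.com.
example.com.pk.  38400  IN  NS  ns1.example.net.
example.com.pk.  300    IN  A   203.0.113.10
"""

# Assumed baseline: name-server suffixes each zone owner expects to see.
EXPECTED_NS = {
    "google.com.pk.": ("google.com.",),
    "example.com.pk.": ("example.net.",),
}

def parse_records(text):
    """Yield (name, rtype, rdata) from dig-style lines, skipping ';' comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4].lower()

def find_anomalies(text, expected_ns=EXPECTED_NS):
    """Return (name, reason, rdata) for every record that breaks the baseline."""
    findings = []
    for name, rtype, rdata in parse_records(text):
        if rtype == "NS":
            allowed = expected_ns.get(name)
            if allowed is None:
                findings.append((name, "no-baseline", rdata))
            elif not any(rdata == s or rdata.endswith("." + s) for s in allowed):
                findings.append((name, "unexpected-ns", rdata))
        elif rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue
            if addr.is_loopback or addr.is_unspecified:
                findings.append((name, "non-routable-address", rdata))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE):
        print(finding)
```
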
I also find it amusing that the bad DNS entry propagated to 8.8.8.8:

    $ dig @8.8.8.8 www.google.pk

    ; <<>> DiG 9.8.4 <<>> @8.8.8.8 www.google.pk
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53040
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.google.pk.			IN	A

    ;; ANSWER SECTION:
    www.google.pk.		626	IN	A	127.0.0.1

    ;; Query time: 23 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Sat Nov 24 10:23:48 2012
    ;; MSG SIZE  rcvd: 47
If you do a whois on www.pknic.net.pk for any of the listed hacked domains, they all have their correct contact info but refer to "dns1.freehostia.com" so it seems the .pk domain registrar must have been hacked.
Everything is normal here (I'm in Pakistan), Google, MSN, eBay all are accessible. So either this story is an outright lie, or the so-called hackers might actually be just idiots.
You might still have the correct values in your DNS cache for the sites. It looks like the .pk registrar was hacked and the DNS for these sites changed.

Since you're in Pakistan, you've probably recently resolved some of these names so you'd get the correct version.

It's ironic that the intention, I gather, was to cripple Pakistan users from accessing these sites, but they can still access the sites, but the outside world can't.
At least accessible for me, I am on PTCL network, Pakistan.
Changes in name servers take some time to propagate. Try to access it through some US proxy?

Strange to see that Whois data. Surely something wrong.

Though, this post has a misleading title.

screenshot : http://cl.ly/L7mk
I wonder if somebody misunderstood the meaning of "Hacker News".
Well looking at the quality of written English, it would be quite possible...