Saturday saw a high-profile hack attack on numerous websites in Pakistan, leaving sites belonging to many industry giants with Pakistani domain names down. Pakistani sites of such companies as Google, eBay, Apple, Yahoo, Microsoft, numbering some 300 in total, were hack attacked by anonymous hackers, leaving the sites temporarily suspended as well as defaced as the hackers left a calling card of sorts, with a picture featuring two penguins hobbling along a bridge with a slogan underneath, reading “Pakistan Downed.”
While international sites, including Cisco, Visa, HSBC, Coca Cola, Blogspot, Sony, HP and PayPal were not affected, their Pakistani domain names, those with either .com.pk, .org.pk or simply .pk, were brought down, according to reports, in a coordinated effort between hackers from Pakistan and Turkey.
The hack itself, which redirected users from the sites to the aforementioned Penguin page, did not breach the companies per se, but did affect key services such as Google’s Gmail, temporarily putting them out of service.
Pakistani blog Propakistani is said to have received an email from the Pakistani hackers’ group, detailing the attack. The group, identifying its members as Khanisgr8, Net_Spy , Xpired, Sho0ter and N3t.Crack3r, said that they were able to conduct the attack by exploiting security flaws within the PKNIC, the service that is responsible for maintaining Pakistani domain name sites. The hackers apparently provided “Complete parameters and proofs of vulnerability, which according to experts are valid” and said that the PKNIC servers were particularly vulnerable to a number of security flaws.
This echoes previous warning by security experts, who said that PKNIC was vulnerable and needed to do something about its system.
Previously, it was reported that a hack attack on .pk domain names had rerouted some 284 sites “from their legitimate servers to a hosting account allegedly owned by hacker himself, by penetrating and re-configuring the DNS and name servers of these domain names.”
Propakistani added that it would share the information sent by the hackers to the PKNIC if they wanted to resolve the issue.
The PKNIC have responded and said that they will be commenting on the incident soon. Meanwhile, MarkMonitor, a security firm, was quizzed by the BBC regarding the incident. The firm is responsible for providing “brand protection for companies online by buying up related domains in countries around the world,” but in a statement said that it could not comment on specific “security incidents.”