Published On:Friday, 11 October 2013
Posted by Unknown
Google Malaysia Site DNS Hacked, Leaded By ‘Team Madleets’ Hacker 1337 Of Pakistan
Malaysia DNS Hacked by The Most Dangerous and popular DNS hacker 1337
Google’s Malaysian site has been hacked and replaced with a splash screen giving credit to a group called “Team Madleets.” The normal site has been offline for several hours as of late Thursday afternoon and the page lists a series of handles that are ostensibly part of the team responsible. Updated with brief statement from the hackers below.
The attack appears to have been of the DNS poisoning variety, in which a hacker gained access to the Malaysia Network Information Center and changed the DNS records of Google’s site to Madleets-controlled servers. So no information appears to have been changed on Google’s servers at this time, as this is a redirect attack of sorts.
The Madleets address leads to a Facebook page for the team that has the following message posted:
We feel we need to alert anyone, that we don’t hack any country tlds for example google.com.my as a result of any kind of hate, We don’t hate anyone, We love all humanity, there is no obvious reason for stamping the tlds.
Least the reason is not any kind of hate.
Whatever the reason is we can’t explain except we love all of you.
Regard’s
H4x0rL1f3
The site, "google.com.my," was functioning normally later on Friday, but was displaying this snapshot as page put in place by the Madleet Hackers.
Hacker Used his Owned Server to host the Hijacked domains :
k [Primary Name Server] SKEY0000032631
b0x4.madleets.com 142.4.211.228
l [Secondary Name Server] SKEY0000032628
b0x3.madleets.com 185.8.105.82
Google.my, Google.com.my and also Mazda.my was Hijacked by 1337 in this attack
Proof of hack : http://zone-h.com/mirror/id/20957809
Top-level domains such as ".com" and country-code top level domains are held by a variety of companies and organizations. The security of those records is managed by those companies and is often mostly out of the control of the entities whose DNS records they hold.
Earlier this week, a pro-Palestinian group gained entry to Network Solutions' network and modified DNS records for the website of the security companies AVG and Avira; the messaging platform WhatsApp; RedTube, a pornography site; and Alexa, a Web metrics company.
If the reasoning on the team’s Facebook page is accurate, then this is simply a matter of doing it because they can and not to make a political statement. A link placed in the source code of the page leads to a music video for the artist Instrumental Core. The music is auto-played on the site while visitors are there.
Google Malaysia was hacked back in July, along with several other Malaysian sites, by a group protesting the treatment of Bangladeshi workers in that country. One possible motivation for the group taking action now, if it is indeed not simply “exposing vulnerabilities” would be the Global Entrepreneurship Summit in Kuala Lumpur, which will be attended by Secretary of State John Kerry in lieu of President Barack Obama.
Read More about recent Google Palestine DNS Hijacked at CyberAoN
lol