Google Indonesia Hacked and defaced by Team MaDLeeTs

Status
Not open for further replies.

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,356
10413330_766808990046138_1272962165590723513_n-690x336.png


The Google Indonesia domain(www.google.co.id) was hacked into and left defaced for several hours today morning, The Hacker collective MaDLeeTs who claimed responsibility for the hack and also left there deface page on the website. Google.co.id was apparently hijacked using a hacking method known as DNS Poisoning.

MaDLeeTs are known for attacks like these targeting the search giant Google, only last year in October they had hijacked Google Malaysia using a similar same method.

What is DNS Poisoning?
DNS spoofing (or DNS cache poisoning) is a hacking attack, whereby data is introduced into a Domain Name System (DNS) name server’s cache database, causing the name server to return an incorrect IP address, diverting traffic to another website.

Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP). which are deployed to improve resolution response performance by caching previously obtained query results

Attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls, thus redirecting the traffic to his own deface page. In this case it is believed that the DNS spoofing led the Google Indonesia users to another IP which carried the MaDLeeTs defaced page which Techworm believes to be http://167.114.12.10/.

How long the Website was left defaced?
While it is not clear for how long the website was left defaced, but reports suggest that the attack continued for hours, Team MaDLeeTs also changed the earlier deface page planted after 2 hours with a new one.

We have added a search box on our deface page on Google Indonesia to help Indonesian users to use Google Search while its stamped by TeaM MaDLeeTs, the hackers announced on their official Facebook page.

[!]Struck by 1337, Security is just an Illusion message on the deface page read.

The website has been restored back to normal now, but it is still unclear if the domain registrant was breached by the hacker, and if the they still have control over it and we may see such kind of attacks in future.
 

Kent

Level 10
Verified
Well-known
Nov 4, 2013
468
Google,the omnipresent,clairvoyant should not be defaced :eek::eek: It is sacrilegious ................
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top