One of the most visited website addresses in Brazil – Google.com.br was hacked by a lone hacker few days ago. The individual going by the online handle of “Kuroi’SH’ managed to gain unauthorized access through DNS hijacking. The same person had also earlier hacked NASA subdomains, leaving messages in support of Palestinians on defaced websites homepage.
In an attempt to gain back control of the domain, Google Brazil quickly switched into the damage control mode however, the domain remained open for more than 30 minutes making headlines all over Brazil since no one had access to the site without noticing the defacement.
A message from the hacker on the website read, It is a great moment to die. Hacked by Kuroi’SH! Two Google at once, I don’t even care; f**k the jealous hates such as Nofawkx. Two Google at once world record idgaf :D. Greets to my friends Prosox & Shinobi h4xor”.
It has become a norm for hackers to hijack popular websites to showcase their prowess and exploit security flaws in them. Their activity however results in interruption of service from few minutes to several hours. This event of hijacking was similar to a DNS hijacking case that occurred last month to Google’s Bangladesh homepage.
Using “whois”, we saw that the address IP 22.214.171.124 does not belong to Google, but to an Bulgarian entity, as can be seen here.
After much delay, Google Brazil acknowledged the defacement but claimed that the site was not hacked. Defending their stance, Google officials said that DNS servers may have suffered an attack and therefore redirected to other sites.
Other media reports added that besides this incident the hacker also hacked Google Maps and Google Translate domains but Kuroi’SH has denied such reports. You can read the full details here.
An attack of this sort has wider implications for both, the organization which owns the Internet domain as well as for users that access the address.