
Google, Microsoft, LinkedIn hacked in Kenyan DNS hijack

By Dennis Mbuvi

April 15, 2013
[Image: DNS hijacking illustration] An illustration of DNS hijacking: a user who asks for the IP address of the site they intend to visit is instead directed to a different server. This happens when an attacker breaks into the DNS servers that answer for a domain and substitutes Internet addresses, as happened to the Kenyan domains of Google and Microsoft. (image: http://www.gohacking.com)

Kenyan domains belonging to Google, Microsoft, LinkedIn, HP, Dell and Kaspersky were among the domains recently hit by a DNS hijack. Users visiting the websites were redirected to a page belonging to a Bangladeshi hacker known as TiGER-M@TE carrying the message that the site had been hacked.

Domains affected include google.co.ke, dell.co.ke, skype.co.ke, msn.co.ke, bing.co.ke, linkedin.co.ke, hp.co.ke, westernunion.co.ke, kaspersky.co.ke, microsoft.co.ke, youtube.co.ke and markmonitor.co.ke.

The global domains of the sites, such as google.com and microsoft.com, were not affected in the attack.

All the affected domains have their authoritative DNS (Domain Name System) servers hosted by a Nairobi based firm known as Footprint Computer Solutions Limited. The hacker appears to have gained access to the name server belonging to Footprint, in the group's trademark manner, and changed the DNS records of the hosted domains so that every name pointed to the hacker's own server.

Websites are hosted on computers identified by numbered IP addresses, such as 173.194.37.56, which belongs to google.co.ke. Users, however, do not easily remember numbers and instead use names to reach servers, such as "google.co.ke" or "google.com". An IP version 4 address is written as four decimal numbers, each between 0 and 255, separated by dots. Its successor, IP version 6, which is intended to replace IPv4, is written as eight groups of up to four hexadecimal digits separated by colons, with one run of all-zero groups allowed to be abbreviated as "::".

Without DNS, users would have to memorise and type https://[2620:0:1cfe:face:b00c::3] for IPv6 (an IPv6 address must be enclosed in square brackets inside a URL) or https://173.252.110.27 for the current IPv4 every time they wanted to visit https://facebook.com.

A DNS server is similar to a telephone directory, which lists people and their phone numbers; in this case it lists website names and their server IP addresses. When a user types in google.co.ke, a DNS server translates google.co.ke to 173.194.37.56. Networks then carry the traffic between the user's computer and 173.194.37.56 (google.co.ke). The user's computer trusts whatever address comes back: without DNSSEC it has no way to verify that the record is the one the domain owner published, which is what makes a rewritten record so effective.

The hacker was instead able to make google.co.ke and the other sites point to his own IP address, which CIO East Africa is yet to determine. TiGER-M@TE has previously hacked the DNS providers of major domains in other countries, and recently carried out a similar DNS hijack in Malawi, again targeting Google and Microsoft, in addition to Yahoo.
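To make the directory analogy above and the record rewrite concrete, here is an added example in Python; it is not code from the article or from any party named in it. It builds a real DNS A query for google.co.ke, parses a response in DNS wire format, and flags the answer against an operator-pinned address. The response bytes are constructed for illustration to look like what a resolver would hand back once the authoritative records had been rewritten; the attacker address 203.0.113.7 (a documentation-only range), the transaction ID and the pinned set are assumptions, not values reported in the article.

```python
"""Minimal DNS wire-format walkthrough: build an A query, parse an answer,
and compare it with a pinned address. Added example, not the article's code.
The HIJACKED_RESPONSE bytes below are CONSTRUCTED; 203.0.113.7 is from the
documentation-only range and is an assumption standing in for the attacker."""
import struct

QTYPE_A = 1     # IPv4 address record (RFC 1035)
QCLASS_IN = 1   # Internet class


def encode_name(name: str) -> bytes:
    """Encode 'google.co.ke' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Standard recursive A query: 12-byte header followed by one question."""
    flags = 0x0100  # QR=0 (query), RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, 14-bit offset
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name occupies only the 2 pointer bytes
            jumped = True
            offset = pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg: bytes):
    """Return (txid, [(name, ttl, dotted_ipv4), ...]) for the A records in msg."""
    txid, _flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):          # skip the echoed question section
        _, offset = decode_name(msg, offset)
        offset += 4                   # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == QTYPE_A and rclass == QCLASS_IN:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return txid, answers


def check_against_pin(answers, pinned: dict) -> list:
    """Return (name, ip) pairs whose address is outside the pinned set for that name."""
    return [(n, ip) for n, _, ip in answers if n in pinned and ip not in pinned[n]]


# Constructed response (assumption): the zone now answers with 203.0.113.7.
QUERY = build_query("google.co.ke", txid=0x1234)
HIJACKED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    + QUERY[12:]                                         # echo the question
    + b"\xc0\x0c"                                        # owner name = pointer to offset 12
    + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([203, 0, 113, 7])
)

# The address the article reports for google.co.ke; pin set is an assumption.
PINNED = {"google.co.ke": {"173.194.37.56"}}

if __name__ == "__main__":
    _, answers = parse_response(HIJACKED_RESPONSE)
    print("answers:", answers)
    print("mismatches:", check_against_pin(answers, PINNED))
```

Nothing in the forged message is malformed: the header flags, the echoed question and the compression pointer are exactly what a legitimate answer would carry, which is why a resolver or browser accepts it. Pinning known-good addresses, as `check_against_pin` does, only detects a change after the fact and breaks whenever the site legitimately moves; the protocol-level fix is DNSSEC, which lets the client verify that the record was signed by the zone owner.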

It is not clear how Footprint Computer Solutions came to manage such a high number of Kenyan domains for global Internet firms. Calls to the company went unanswered.

While the hacker here appears to have been hacking for fun and to expose weaknesses in the target, the same access could have been used to set up replicas of the target sites. Over plain HTTP such a replica would be indistinguishable from the original; over HTTPS the impostor would trigger a browser certificate warning unless the attacker also obtained a valid certificate for the name. The hacker could then have asked users to "log in", collecting critical information such as usernames and passwords.

Bitcoin, the hugely popular digital currency, was recently hit by a similar attack, where hackers used account-recovery security questions such as "mother's maiden name" and "year of birth" to hijack a related domain name.

Dennis Mbuvi

Dennis Mbuvi has been writing at CIO East Africa Magazine and CIO.co.ke since May 2010. His key focus is the use of technology to solve day to day business challenges and product reviews.

Mbuvi has been invited to speak at various IT, Telecom and Media events in the region. He was also a keynote speaker at the inaugural Joomla day in Kenya talking on possibilities of the Joomla Content Management System. Mbuvi holds a B.Sc in Computer Science degree from Kenyatta University. He is on Twitter as @denniskioko
