The Register Hacked (DNS Hijacked)
I can’t believe it.
I would never have thought that one of my favourite tech news sites could ever be hacked. Yet a few minutes ago I captured the following screenshot when browsing.
Come on guys, what is going on?
*Updated – 10:00pm 4th September 2011
After further investigation, it seems that The Register’s website was not hacked as such, but rather the DNS for that domain has been hijacked.
The bad A record IP appears to be 126.96.36.199 instead of 188.8.131.52, which is a Rackspace server where The Register is hosted.
If you go to all-nettools.com and do a nameserver lookup you'll see The Register has the following nameservers now:
theregister.co.uk. 86129 IN NS ns4.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns2.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns1.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns3.yumurtakabugu.com.
Which isn’t right.
It should probably look something like:
theregister.co.uk nameserver = ns1.theregister.co.uk
theregister.co.uk nameserver = ns2.theregister.co.uk
theregister.co.uk nameserver = ns3.theregister.co.uk
theregister.co.uk nameserver = ns4.theregister.co.uk
theregister.co.uk nameserver = ns5.theregister.co.uk
theregister.co.uk nameserver = ns6.theregister.co.uk
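The comparison above can be automated as a monitoring check. This is an added example, not part of the original post: it parses both lookup formats quoted above and reports any nameservers that differ from a known-good baseline. The function names are hypothetical, and the baseline is assumed to be the "should probably look like" list from the post.

```python
import re

# Sample input constructed from the two listings quoted in the post.
OBSERVED = """\
theregister.co.uk. 86129 IN NS ns4.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns2.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns1.yumurtakabugu.com.
theregister.co.uk. 86129 IN NS ns3.yumurtakabugu.com.
"""
# Assumed baseline: the post's "should probably look like" list (ns1..ns6).
BASELINE = "\n".join(
    f"theregister.co.uk nameserver = ns{i}.theregister.co.uk" for i in range(1, 7)
)

# dig-style:      "zone. TTL IN NS target."
# nslookup-style: "zone nameserver = target"
DIG_RE = re.compile(r"^(\S+?)\.?\s+\d+\s+IN\s+NS\s+(\S+?)\.?$", re.I)
NSLOOKUP_RE = re.compile(r"^(\S+?)\.?\s+nameserver\s*=\s*(\S+?)\.?$", re.I)


def parse_ns(text):
    """Return {zone: set of nameserver hostnames} from lookup output."""
    zones = {}
    for line in text.splitlines():
        m = DIG_RE.match(line.strip()) or NSLOOKUP_RE.match(line.strip())
        if m:
            # Lower-case both names; trailing root dots are dropped by the regex.
            zones.setdefault(m.group(1).lower(), set()).add(m.group(2).lower())
    return zones


def check_delegation(zone, observed_text, baseline_text):
    """Compare the observed NS set for a zone against a known-good baseline."""
    zone = zone.lower().rstrip(".")
    observed = parse_ns(observed_text).get(zone, set())
    baseline = parse_ns(baseline_text).get(zone, set())
    return {
        "unexpected": sorted(observed - baseline),
        "missing": sorted(baseline - observed),
        # No overlap at all: the whole delegation was swapped, not one server added.
        "fully_replaced": bool(observed) and observed.isdisjoint(baseline),
    }


if __name__ == "__main__":
    for key, value in check_delegation("theregister.co.uk", OBSERVED, BASELINE).items():
        print(f"{key}: {value}")
```

Run on a schedule against live lookup output, a non-empty "unexpected" list is the signal to alert on.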
*Updated – 11:00pm 4th September 2011
It appears that ups.com has also been hacked.
*update again… Sites that have also been defaced include
*Updated – 7:15am 5th September 2011
The Guardian have interviewed the Turkish hackers that instigated the attack on the various high-profile websites. http://www.guardian.co.uk/technology/2011/sep/05/dns-hackers-telegraph-interview
*Updated – 8:10am 5th September 2011
The Register have now posted an article explaining a little about what happened.