Turkish group undertakes DNS attack against big websites

5 Sep 2011

A Turkish hacking group carried out a DNS attack which affected sites such as The Daily Telegraph, The Register and the UPS, redirecting visitors to a third-party site.

According to Naked Security, TurkGuvenligi changed DNS records, so when a user entered the website’s URL, they were instead sent to another website. The site they were redirected to included a message from the group.

“4 Sept. We TurkGuvenligi declare this day as World Hackes Day – Have fun 😉 h4ck y0u,” read the message.

Sites affected included The Register, The Daily Telegraph, UPS, National Geographic and Betfair.

Sophos, the security firm which publishes the Naked Security blog, emphasised that the websites were not actually breached.

“In many ways we have to be grateful that the message displayed appears to be graffiti, rather than an attempt to phish information from users or install malware,” said Graham Cluely, senior technology consultant at Sophos.

The Register stated there did not appear to be any attempt to infiltrate its own systems and its DNS records were restored after three hours.

It said that if users still saw the defaced page, they should turn their computer off and on again to clear DNS caches in their ISPs, routers, browsers and operating systems.

The Guardian contacted TurkGuvenligi, who said they usually target bigger domains, as while it was harder to do this, it made it “funnier” for them.