http://www.pc-radio.com/uruklink-0wned.html

by Brian McWilliams
March 26, 2003

After shakily surviving nearly a week of intense shelling in Baghdad, the Web site of the Iraq government has apparently fallen prey to hackers.

Since Wednesday, some visitors to Uruklink.net have been surprised with a red-white-and-blue message that reads, "Hacked, tracked, and NOW owned by the USA." Others have been greeted with error messages.

In fact, Uruklink, the homepage of Saddam Hussein, as well as the Iraqi News Agency and several other government organizations, is still generally available by browsing directly to the site's numeric address. But because of an apparent attack on the site's domain name server, some visitors who type www.uruklink.net into their browsers are being shunted off to a third-party site, alneda.com.

An examination of Uruklink's DNS server, nic1.baghdadlink.net, revealed that the domain's "A" record had been changed to 65.89.91.148, the IP address for alneda.com. The attackers also changed the domain's Hostmaster address in the DNS server to read "0wnedat_private".

According to Scott Perry, operator of the DNSStuff.com site, ns1.baghdadlink.net is running an outdated version of the BIND DNS software, which has a number of known security issues.

Attackers made no apparent changes directly to the Uruklink web server. A second DNS server for Uruklink, nic2.baghdadlink.net, has been offline for nearly a week.

Jon Messner, the operator of Alneda.com, said he was not responsible for the attack on Uruklink.

"Hacking DNS servers of any nation's website is illegal. I do not in any way participate in illegal activity, nor do I condone or endorse such activity by other individuals," said Messner.

Last August, Messner made headlines when he snatched up several lapsed domains, including Alneda.com, in an attempt to baffle terrorists.

The attacks on Uruklink come as Iraq's state-run TV station was nearly knocked off the air Tuesday by bombing.
The popular Arabic news site Al Jazeera has also appeared to be suffering from a denial-of-service attack.

Because some ISPs cache DNS information for domains differently, many Uruklink visitors have so far been unaffected by the re-direction attack. Others who attempt to reach the site using its domain address encounter "system unreachable" messages.

Compounding Uruklink's DNS problems is bogus data that has apparently found its way into some ISPs' DNS caches. Ron Gula, founder of Tenable Network Security, said some politically-motivated system administrators may have "blackholed" Uruklink by adding "reserved" IP addresses for the site in the DNS servers they manage.

Uruklink's attackers did not alter the DNS record for the site's e-mail server, which could have disabled e-mail service to many Iraqis. Some observers have speculated that the U.S. government may be communicating with high-ranking Iraqis via e-mail, in an attempt to persuade them to overthrow Saddam.

Iraq2000.com, the homepage of Iraq's Olympic team and several newspapers, was also impacted by the attack on Iraq's DNS servers. The "A" record for Iraq2000.com appears to have been changed to a non-functioning, reserved IP address. Similar problems have befallen the website of Iraq's Center for Heart Diseases.

In an apparently unrelated incident, the website of Iraq's mission to the United Nations, Iraqi-Mission.org, became unreachable this week. The site, which is hosted by Texas-based Verio, currently displays a message from Verio saying "Temporarily Unavailable."

Messages left with the Iraqi mission in New York went unanswered. Verio representatives had no immediate comment.
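
The symptoms reported above (a redirected "A" record, a rewritten Hostmaster address, a silent secondary server, and an "A" record pointing at a reserved address) are what a zone owner's integrity check would flag. The following is an added example, not part of the original article: the baseline values, the reserved address 240.0.0.1, and the assignment of both domains to nic1 are constructed assumptions, and only the names, the address 65.89.91.148 and the Hostmaster string come from the article.

```python
import ipaddress

# Baseline the zone owner expects. Placeholder values (assumptions):
# the article does not give the original records.
BASELINE = {
    "a": {"www.uruklink.net": "192.0.2.10", "www.iraq2000.com": "192.0.2.20"},
    "soa_rname": "hostmaster.placeholder.example",
}

# Constructed observations per authoritative server; None = no response.
# 65.89.91.148 and "0wnedat_private" are the values reported in the article;
# 240.0.0.1 is a constructed stand-in for the unnamed "reserved" address.
OBSERVED = {
    "nic1.baghdadlink.net": {
        "a": {"www.uruklink.net": "65.89.91.148", "www.iraq2000.com": "240.0.0.1"},
        "soa_rname": "0wnedat_private",
    },
    "nic2.baghdadlink.net": None,
}


def is_unroutable(ip_text):
    """True for addresses that can never reach a public host."""
    ip = ipaddress.ip_address(ip_text)
    return (ip.is_private or ip.is_reserved or ip.is_loopback
            or ip.is_unspecified or ip.is_link_local or ip.is_multicast)


def audit_zone(baseline, observed):
    """Compare each server's answers to the baseline; return sorted findings."""
    findings = []
    for server, answer in observed.items():
        if answer is None:
            findings.append((server, "NO_RESPONSE", ""))
            continue
        if answer["soa_rname"] != baseline["soa_rname"]:
            findings.append((server, "SOA_RNAME_CHANGED", answer["soa_rname"]))
        for name, expected in baseline["a"].items():
            got = answer["a"].get(name)
            if got is None:
                findings.append((server, "A_MISSING", name))
            elif got != expected:
                kind = "A_BLACKHOLED" if is_unroutable(got) else "A_REDIRECTED"
                findings.append((server, kind, f"{name} -> {got}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_zone(BASELINE, OBSERVED):
        print(*finding)
```

In practice the observations would come from querying each authoritative server directly rather than a caching resolver, since cached answers can lag behind or disagree with the zone, as the article notes.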