Rapid7’s Metasploit is the latest high-profile website to fall foul of a pro-Palestinian group of hackers, who hijacked its DNS records.
And it seems the hackers used an old-fashioned fax message to commit their crime.
Metasploit, of course, is used by security professionals around the world to test corporate security systems, and verify that vulnerabilities have been properly fixed.
The KDMS Team managed to trick Register.com, who manage the DNS records for metasploit.com, into believing that they were authorised to change them – redirecting anyone attempting to visit the Metasploit site to a different part of the net, under the hackers’ control.
In short, if you attempted to visit metasploit.com your web browser would claim that you were on metasploit.com, but what you would see on the webpage would be very different from what the site’s legitimate owners would want.
MISSION COMPLETED
HACKED
KDMS TEAM
PLAESTINIAN HACKERS
Hello Metasploit
After whatsapp , avira, alexa , avg and other sites
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets
Therefore we are here ..
And there is another thing .. do you know Palestine?
Earlier this week, WhatsApp, AVG and Avira – whose DNS entries are managed by Network Solutions – were attacked in a very similar manner.
DNS records work like a telephone book, converting human-readable website names like metasploit.com into the numeric IP addresses that computers use to find each other on the internet. If hackers manage to change a site’s DNS records, they can take you to a website that isn’t under the legitimate company’s control.
H D Moore, the Chief Research Officer of Rapid7 and driving force of Metasploit, has described on Twitter how the Metasploit site was hijacked:
Metasploit.com was hijacked through a spoofed change request FAXED to Register.com. Hacking like its 1964
Social engineering triumphs for the hackers once again.
The worry is, of course, that if Register.com can be fooled so easily into allowing hackers to mess with a site’s DNS entries, the hackers could presumably do the same with *any* website using Register.com’s services.
Surely companies like Register.com and Network Solutions need to be a little wiser about the possible tricks hackers could use to mess with their customers’ web visitors?