Metasploit website hijacked by pro-Palestinian hackers… via fax

Graham Cluley

Rapid7’s Metasploit is the latest high-profile website to fall foul of a pro-Palestinian group of hackers, who hijacked its DNS records.

And it seems the hackers used an old-fashioned fax message to commit their crime.

Metasploit, of course, is used by security professionals around the world to test corporate security systems, and verify that vulnerabilities have been properly fixed.

The KDMS Team managed to trick Register.com, who manage the DNS records for metasploit.com, into believing that they were authorised to change them – redirecting anyone attempting to visit the Metasploit site to a different part of the net, under the hackers’ control.


In short, if you attempted to visit metasploit.com your web browser would claim that you were on metasploit.com, but what you would see on the webpage would be very different than what the site’s legitimate owners would want.

Metasploit pwned

MISSION COMPLETED
HACKED
KDMS TEAM
PLAESTINIAN HACKERS

Hello Metasploit

After whatsapp , avira, alexa , avg and other sites
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets
Therefore we are here ..
And there is another thing .. do you know Palestine?

Earlier this week, WhatsApp, AVG and Avira – whose DNS entries are managed by Network Solutions – were attacked in a very similar manner.

DNS records work like a telephone book, converting human-readable website names like metasploit.com into a sequence of numbers understandable by the internet. If hackers manage to change a site’s DNS records, they can take you to a website that isn’t under the legitimate company’s control.
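As a defender-side illustration of that point (an added example, not part of the original article), a domain owner can compare the record sets a resolver returns against an approved baseline and raise an alert when they drift. The sketch assumes the records have already been fetched; every name and address in it is constructed.

```python
# Added example: baseline drift check for DNS record sets (all data constructed).
from typing import Dict, FrozenSet, List, Tuple

RecordKey = Tuple[str, str]               # (owner name, record type)
Snapshot = Dict[RecordKey, FrozenSet[str]]

# A changed delegation (NS) hands over the whole zone, so it ranks highest.
SEVERITY = {"NS": "critical", "MX": "high", "A": "high", "AAAA": "high"}


def normalise(name: str) -> str:
    """Lower-case and drop the trailing dot so 'NS1.Example.' == 'ns1.example'."""
    return name.strip().rstrip(".").lower()


def snapshot(rows: List[Tuple[str, str, str]]) -> Snapshot:
    """Group (name, type, value) rows into comparable record sets."""
    grouped: Dict[RecordKey, set] = {}
    for name, rtype, value in rows:
        grouped.setdefault((normalise(name), rtype.upper()), set()).add(normalise(value))
    return {key: frozenset(values) for key, values in grouped.items()}


def drift(baseline: Snapshot, observed: Snapshot) -> List[dict]:
    """Return one finding per record set that differs from the approved baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want = baseline.get(key, frozenset())
        got = observed.get(key, frozenset())
        if want != got:
            findings.append({"name": key[0], "type": key[1],
                             "severity": SEVERITY.get(key[1], "medium"),
                             "added": sorted(got - want),
                             "removed": sorted(want - got)})
    return findings


# Constructed data: the approved records, then what a resolver returned later.
BASELINE = snapshot([("example.com.", "NS", "ns1.registrar.example."),
                     ("example.com.", "NS", "ns2.registrar.example."),
                     ("www.example.com.", "A", "192.0.2.10")])
OBSERVED = snapshot([("example.com.", "NS", "NS1.Registrar.Example."),  # case only
                     ("example.com.", "NS", "ns1.unapproved.example."),
                     ("www.example.com.", "A", "198.51.100.66")])

if __name__ == "__main__":
    for finding in drift(BASELINE, OBSERVED):
        print(finding)
```
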

H D Moore, the Chief Research Officer of Rapid7 and driving force of Metasploit, has described on Twitter how the Metasploit site was hijacked:

Metasploit.com was hijacked through a spoofed change request FAXED to Register.com. Hacking like it's 1964

Social engineering triumphs for the hackers once again.

The worry is, of course, that if Register.com can be fooled so easily into allowing hackers to mess with a site’s DNS entries – they could presumably do it with *any* website using Register.com’s services.

Surely companies like Register.com and Network Solutions need to be a little wiser about the possible tricks hackers could use to mess with their customers’ web visitors?



Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy.
