A high profile hack targeting international corporations took hold of hundreds of domains over the weekend.
The Pakistan based hack affected almost 284 sites including Google, Apple, eBay and Yahoo. Users visiting the .com.pk, .pk and .org.pk were redirected to a page displaying an image of two penguins and the tag line ‘Pakistan Downed’.
The hackers’ reasoning wasn’t to compromise the companies but simply to highlight their vulnerabilities and the flaws in the PKNIC system, the body that manages all .pk domains.
The hackers have announced that the PKNIC servers are vulnerable to Boolean-based blind SQL injection, time-based blind SQL injection, cross site scripting and sensitive directory disclosure.
The exact details of the hack cannot be revealed but we do know the hacker penetrated and reconfigured the DNS and name servers so visitors to legitimate sites were re-routed from their genuine servers to a hosting account owned by the hacker.