The sites themselves weren’t hacked, but the DNS entries were mis-directed on some popular web sites, such as: The Register, The Daily Telegraph, and UPS.
DNS hack hits popular websites: Telegraph, Register, UPS, etc
“Popular websites including The Register, The Daily Telegraph, UPS, and others have fallen victim to a DNS hack that has resulted in visitors being redirected to third-party webpages.
Part of the message reads:
TurkGuvengligi – ‘Gel Babana’ – HACKED – ‘h4ck1n9 is not a cr1m3’
‘4 Sept. We TurkGuvenligi declare this day as World Hackes Day – Have fun ;) h4ck y0u’
(In fact, this kind of vandalism IS a crime.)
Further websites which have been affected include National Geographic, BetFair and Acer.
It’s important to note that the websites themselves have *not* been hacked, although to web visitors there is little difference in what they experience – a webpage under the control of hackers.
Instead of managing to breach the website, the hackers have managed to change the DNS records for the various sites affected.
DNS records work like a telephone book, converting human-readable website names like nakedsecurity.sophos.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered telegraph.co.uk or theregister.co.uk into your browser you were instead taken to a website that wasn’t under the control of those websites.
Because of the way that DNS works, it may take some time for corrected DNS entries for the affected websites to propagate worldwide – meaning there could be problems for some hours ahead.
In many ways we have to be grateful that the message displayed appears to be graffiti, rather than an attempt to phish information from users or install malware.”
One common thing appears to be that the affected sites were registered via NetNames… the vendor has had no comment on this as of yet.