Google Indonesia was Hacked earlier today and left defaced for hours.
The Google Indonesia domain (www.google.co.id) was hacked into and left defaced for several hours today morning, The Hacker collective MaDLeeTs who claimed responsibility for the hack and also left there deface page on the website. Google.co.id was apparently hijacked using a hacking method known as DNS Poisoning.
MaDLeeTs are known for attacks like these targeting the search giant Google, only last year in October they had hijacked Google Malaysia using a similar same method.
What is DNS Poisoning?
DNS spoofing (or DNS cache poisoning) is a hacking attack, whereby data is introduced into a Domain Name System (DNS) name server’s cache database, causing the name server to return an incorrect IP address, diverting traffic to another website.
Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP). which are deployed to improve resolution response performance by caching previously obtained query results
Attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls, thus redirecting the traffic to his own deface page. In this case it is believed that the DNS spoofing led the Google Indonesia users to another IP which carried the MaDLeeTs defaced page which Techworm believes to be https://220.127.116.11/.
How long the Website was left defaced?
While it is not clear for how long the website was left defaced, but reports suggest that the attack continued for hours, Team MaDLeeTs also changed the earlier deface page planted after 2 hours with a new one.
We have added a search box on our deface page on Google Indonesia to help Indonesian users to use Google Search while its stamped by TeaM MaDLeeTs, the hackers announced on their official Facebook page.
[!]Struck by 1337, Security is just an Illusion message on the deface page read.
The website has been restored back to normal now, but it is still unclear if the domain registrant was breached by the hacker, and if the they still have control over it and we may see such kind of attacks in future.
Update (only on Techworm:
One of the team members from MaDLeets has confirmed to Techworm that they were able to hack into the official Domain Registrar of Indonesia (https://www.pandi.or.id/) . Using the Domain Registrar hack, they updated domain name servers.
Hacked into NIC, got access to google.co.id domain panel, changed Nameservers, he said.
A screenshot taken by the hackers from the NIC Indonesia with controls to Google Indonesia domain panel can be seen below :