3 min read

Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service

Graham CLULEY

February 24, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service

The notorious Lizard Squad hacking gang has claimed another scalp, having successfully disrupted Google’s internet presence in Vietnam.

Visitors to google.com.vn saw the following message and image rather than the normal cheerful familiar Google search box:

google-lizard-squad

“Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)”

The message went on to encourage visitors to follow the Lizard Squad on Twitter, and to buy denial-of-service attacks from their LizardStresser website.

At first you might imagine that Google’s Vietnam website has been defaced, but that’s not quite correct.

You see, even though you have visited google.com.vn, Google own servers serving pages to people in Vietnam have not been hacked. Instead, this is a case of DNS-poisoning.

To make an analogy, DNS (Domain Name System) is the telephone book of the internet. You see, when you type in the name of a website like microsoft.com, bankofamerica.com or hotforsecurity.com, your computer has to look up that meaningful name in a database in order to convert it into a specific numeric IP address, understood by computers.

If we didn’t have DNS databases you wouldn’t be able to type in the name of a website in order to visit it – you would have to remember specific numbers – such as 37.59.67.147 – instead. Clearly, that would be a nightmare.

But things can go badly wrong if an attacker manages to change the DNS record for a particular website, redirecting – in this case – Google’s Vietnam website to an IP address under the control of malicious hackers.

And that appears to have been what has happened here. Clearly, whoever was responsible for securing the DNS entry for google.com.vn wasn’t doing such a great job at it, the Lizard Squad hackers were able to gain access, and redirect all of that traffic to a webpage under their control, promoting their DDoS-for-hire service.

Of course, the Lizard Squad gang wanted to be sure that people outside Vietnam knew what they had done – so they tweeted about it..

lizard-tweet

I suppose we should all be grateful that Lizard Squad appears to be more motivated by mischief than anything else, as it would have been simple for them to have incorporated a malicious script on the page designed to infect any visiting computer with a drive-by download.

We would be foolish to think, however, that the LizardSquad gang are criminal geniuses and experts at security themselves. Just last month, security blogger Brian Krebs reported that the gang’s LizardStresser DDoS-on-demand service, which users thousands of hacked residential internet routers to bombard sites with unwanted traffic, was itself compromised, and details of over 14,000 users passed to the authorities.

It transpires that Lizard Squad failed to encrypts its registered user database, and stored usernames and passwords in plaintext.

In other words, we’re all human. And we’re all capable of making mistakes. Clearly, in this instance, Google Vietnam was caught napping.

Rather than other online companies laugh at Google’s expense, we should all take a long hard look at our own security and ask if determined hackers could wreak similar mischief on our own web properties.

Remember this is unlikely to be the last we’ll hear of Lizard Squad, and it certainly won’t be the last time that hackers hijack DNS records to redirect a popular website to one of their own choosing.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read