The Tech Herald

Iranian Cyber Army defaces Voice of America and 93 other domains (Update)

by Steve Ragan - Feb 23 2011, 01:37

Iranian Cyber Army defaces Voice of America and 93 other domains.

The Iranian Cyber Army (ICA), a group known for attacks on Twitter as well as Baidu, replaced the landing page for Voice of America (VOA) on Monday with a message of their own. In addition, they claim to have hit more than 90 other websites in the same attack.

“Mrs. Clinton Do you want to hear the voice of the oppressed nations will from heart of USA? Islamic world doesn’t believe USA trickery. We call on you to stop interfering in Islamic countries,” reads the message left by the ICA.

Voice of America is the official news service of the United States Government. Of the 94 domains listed by the ICA, a majority of them are VOA related.

The ICA made headlines in 2009 when they compromised the email account owned by a Twitter staff member and used that access to redirect Twitter’s DNS services. At the time, it was assumed that a server compromise was the cause.

After conversations with several sources, The Tech Herald was able to put things together and correctly report that it was DNS and not a server breach, which caused the micro-blogging shakeup. [Original report]

Soon after the Twitter attack, the ICA struck again by targeting Baidu, China's largest search portal. For this attack, they altered DNS services as well, which led Baidu to file a lawsuit against Register.com. [Original report] [Follow-up report]

In each of the previous defacements, the ICA’s actions were political. There have been rumors that the ICA is connected to the Iranian government. At the same time, rumors also call them Russian hackers.

As quickly as the ICA made the news and made themselves known, they went idle with no explanation. It’s possible that as things heat up in Iran and in North Africa, this incident marks their return.

So what happened this time? The short answer is that no one knows yet.

Many of the domains listed by the ICA as hacked share a common thread, Network Solutions. However, voanews.com, the master domain, does not appear to use Network Solutions at all.

At the same time, voanews.net, voanews.org, voanews.info, voahp.com, voanews.us, as well as many others, resolve to a Network Solutions holding page or point to the ICA message on voanews.com. In addition, they use DNS hosting from WorldNIC, a Network Solutions company.

It is possible that the Network Solutions account was compromised, and then with that access, voanews.com was defaced thanks to a shared password. However, most of the domains pointed to the main URL before the defacement. So this could be a case where single compromise covered 93 additional domains simply due to the nature of their hosting.

We’ve reached out to Network Solutions, as well as the Broadcasting Board of Governors, the organization that manages Voice of America, for comment on the incident.

Update:

Shashi Bellamkonda, the Director of Social Media Network Solutions, sent over the following statement:

"All sites should be restored at this time. There was no compromise or data loss on either side and we are working with the customer to provide any further help if needed. To be clear there was no hack or breach of Network Solutions' systems or services."

"As soon as we were notified by the customer of the defacement, we assisted the customer in restoring the DNS back to the original servers. Additionally, this customer's other domains on WorldNIC's DNS are being forwarded to voanews.com. Please understand, in order to avoid educating bad actors, we will not be providing any further details regarding how the DNS was changed."

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Shelby GT350 Mustang Pictures

We have added a bunch of pictures of the all-new Shelby GT350 Mustang from Ford. The ne...

All-new Shelby GT350 Mustang

Ford have revealed details of the new Shelby GT350 Mustang. First introduced in 1965 the new...

Best Cars To Buy In 2015

Leading vehicle research company Kelley Blue Book has released its list of the best cars to ...

A.C. Milan Take On Audi R8

Five A.C. Milan stars take on an Audi R8 in a game of street soccer in a new ad for Toyo Tir...

Jaguar 2016 F-TYPE R Coupe All-Wheel-Drive

Jaguar has unveiled the 2016 F-TYPE R Coupe, the first to feature all-wheel-drive. The 2016 ...