
Pakistan Domain Registrar PKNIC website Hacked by PAKbugs


Once again, hackers have successfully breached the PKNIC website (pknic.net.pk), the registrar for Pakistan's .pk domains. The hack was carried out by a hacker group called PAKbugs.

“thenews.com.pk, jang.com.pk and many others hacked,” ZombiE_KsA, the hacker, said. “More coming, stay tuned,” the hacker said.

The hackers – ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak – criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers.

“Here we go again, pknic.net.pk you think you control .pk domains? … You don’t! Today, we are controlling .pk domains,” the hacker said on the defacement page. “After you patched your shitty system, we still owned you,” the message read.

"Here we go again, pknic.net.pk you think you control .pk domains? LOL you don't! Today we are controlling .pk domains!" the hacker said on the defacement page. "After you patched your shitty system we still owned you, it was perfect security."

The hackers claimed to have dumped information on 23,000 accounts belonging to government, news, blog, forum and other websites. They defaced Jang.com.pk, Thenews.com.pk and propakistani.pk.

At the end of the defacement message, the hackers asked PKNIC to contact PakBugs on their official forum to get the vulnerability patched.

This is not the first time PKNIC has come under cyber attack. At the end of last year (November), the Turkish hacker group Eboz breached the PKNIC website and defaced all top websites, including Google, Yahoo, Microsoft and more.

New SQL Injection prevention system left open a vulnerability, says PKNIC

A few days back, Pakistani top-level domains including Google, Yahoo, MSN and more sites were defaced by Turkish hackers. Following that incident, a Pakistani hacker contacted us with a report regarding the vulnerability that resides in the website. We immediately notified PKNIC about the vulnerabilities.

Today, PKNIC released an official statement confirming the security breach. In an email sent to us, PKNIC informed us that the vulnerability was fixed over the weekend.

"PKNIC became aware of a vulnerability in one of its systems which caused a total of four user accounts to be breached on Friday evening 23rd November, impacting nine DNS records, out of a total of around fifty thousand. That led to several website addresses to be redirected to a blank message page for a few hours. Several of these websites were mirrors of global sites such as google.pk, ebay.pk, etc.," the official statement reads.

The PKNIC team reverted the changes caused by the incident within a few hours, by late Friday night. The team sent notifications to the affected accounts after the scope of the incident was identified.

Management said that the website doesn't store credit card or similar financial information in its database.

"PKNIC servers were not hacked and continued to operate normally. However, the vulnerability briefly exposed some information which could be used to modify the DNS for the four accounts."

PKNIC's executive chairman Ashar Nisar said that they had applied a new, complex system to prevent SQL injection attacks before the breach itself. However, the new system inadvertently left open a vulnerability, under certain obscure conditions and contexts, that was used in the recent security breach.

"As a result, in addition to a thorough investigation of our entire site and systems, we reverted to the simpler more robust model of filtering out everything unknown, instead of continuing to use the new system that had been tailored to the latest threats using more complicated algorithms," he said.

The PKNIC team confirmed that there was no interruption to the root DNS or any other services provided by PKNIC. Additionally, other than the sites under the four accounts and seven DNS servers, all other .PK websites were unaffected and continued to operate normally.

Invitation for Friendly Hackers:
To improve its web security, PKNIC plans to invite hackers to test its website security. It plans to announce a reward program for hackers who find vulnerabilities, as is done by leading global companies like Google and others.