Update – No complaints have been made regarding the hacking of the DNS servers of many international company websites by the Sri Lankan branch of Anonymous while no serious effects have yet to be felt following the breach, the Computer Emergency and Readiness Team (CERT) stated.
DNS cache poisoning is a method through which hackers are able to insert malicious and fake records into the cache of DNS servers. As a result, the hackers can then spoof a response to a DNS query, forcing users to go to a phony Web site instead of the real one.
Since DNS, or domain name system, servers maintain the records that assign domain names to IP addresses, attacks against them are especially alarming since they can compromise part of the very foundation of the Internet.
The information posted on Pastebin by Anonymous Sri Lanka shows that the group was able to scan and in some cases expose the DNS information of the companies it targeted, according to Cyber War News. But there’s no indication that the hackers were able to modify any of the DNS records that they touched.
In the record of its DNS attack against Symantec, Anonymous Sri Lanka boasts that it breached the “world’s 2nd largest software (anti-virus) leader/giant” and says that it captured almost the entire DNS pool, including the company’s corporate customers, production servers, and testbeds. The group touted the same DNS Cache Snoop Poisoning attacks against Facebook, Skype, Apple, Cisco, Microsoft, and Novell.
Beyond its attacks against several major tech companies, Anonymous Sri Lanka has also claimed DNS hacks against several groups and agencies in Sri Lanka, including the nation’s Parliament, military, and largest telecom provider.
The group tried to justify its actions in some of its comments.
Lashing out at Facebook, Anonymous Sri Lanka said that the way the social network controls and treats its members is not acceptable under any circumstances. Explaining its attack against Skype, the group claimed that the online video service is “eavesdropping the entire VoIP traffic at several nodes for sure.”
The attacks appear to have started on August 22 against the Sri Lankan telecom provider and continued on into yesterday with the attack against Skype. from cnet.com