E-Threats

Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service

The notorious Lizard Squad hacking gang has claimed another scalp, having successfully disrupted Google’s internet presence in Vietnam.

Visitors to google.com.vn saw the following message and image rather than the normal cheerful familiar Google search box:

google-lizard-squad

“Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)”

The message went on to encourage visitors to follow the Lizard Squad on Twitter, and to buy denial-of-service attacks from their LizardStresser website.

At first you might imagine that Google’s Vietnam website has been defaced, but that’s not quite correct.

You see, even though you have visited google.com.vn, Google own servers serving pages to people in Vietnam have not been hacked. Instead, this is a case of DNS-poisoning.

To make an analogy, DNS (Domain Name System) is the telephone book of the internet. You see, when you type in the name of a website like microsoft.com, bankofamerica.com or hotforsecurity.com, your computer has to look up that meaningful name in a database in order to convert it into a specific numeric IP address, understood by computers.

If we didn’t have DNS databases you wouldn’t be able to type in the name of a website in order to visit it – you would have to remember specific numbers – such as 37.59.67.147 – instead. Clearly, that would be a nightmare.

But things can go badly wrong if an attacker manages to change the DNS record for a particular website, redirecting – in this case – Google’s Vietnam website to an IP address under the control of malicious hackers.

And that appears to have been what has happened here. Clearly, whoever was responsible for securing the DNS entry for google.com.vn wasn’t doing such a great job at it, the Lizard Squad hackers were able to gain access, and redirect all of that traffic to a webpage under their control, promoting their DDoS-for-hire service.

Of course, the Lizard Squad gang wanted to be sure that people outside Vietnam knew what they had done – so they tweeted about it..

lizard-tweet

I suppose we should all be grateful that Lizard Squad appears to be more motivated by mischief than anything else, as it would have been simple for them to have incorporated a malicious script on the page designed to infect any visiting computer with a drive-by download.

We would be foolish to think, however, that the LizardSquad gang are criminal geniuses and experts at security themselves. Just last month, security blogger Brian Krebs reported that the gang’s LizardStresser DDoS-on-demand service, which users thousands of hacked residential internet routers to bombard sites with unwanted traffic, was itself compromised, and details of over 14,000 users passed to the authorities.

It transpires that Lizard Squad failed to encrypts its registered user database, and stored usernames and passwords in plaintext.

In other words, we’re all human. And we’re all capable of making mistakes. Clearly, in this instance, Google Vietnam was caught napping.

Rather than other online companies laugh at Google’s expense, we should all take a long hard look at our own security and ask if determined hackers could wreak similar mischief on our own web properties.

Remember this is unlikely to be the last we’ll hear of Lizard Squad, and it certainly won’t be the last time that hackers hijack DNS records to redirect a popular website to one of their own choosing.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

5 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.