Friday 11 October 2013

Metasploit website Hacked just by sending a spoofed DNS change request via Fax to Domain Registrar

A group of Pro-Palestine hackers 'KDMS Team' today has been able to hijack the Metasploit website simply by sending a fax and hijacked their DNS records.

Rapid7 is a leading Security Company and Creator of world's best penetration testing software called 'Metasploit'. The company confirmed via Twitter that Metasploit.com was hacked via a spoofed DNS change request sent via fax to its registrar, Register.com.
The group came to prominence earlier this week when it managed to hijack the websites of popular messaging service WhatsApp and anti-virus company AVG among others.


On the website, the hacker posted "Hello Metasploit. After Whatsapp , Avira, Alexa , AVG and other sites. We were thinking about quitting hacking and disappear again! But we said: there is some sites must be hacked. You are one of our targets. Therefore we are here. And there is another thing do you know Palestine?"

Rapid7 official statement regarding the incident: 
This morning the DNS settings for Rapid7.com and Metasploit.com were changed by a malicious third-party. We have taken action to address the issue and both sites are now locked down. We are currently investigating the situation, but it looks like the domain was hijacked via a spoofed change request faxed to Register.com. We apologize for the service disruption, and do not anticipate any further implications for our users and customers at this time. We will keep everyone posted as we learn more, and let the community know if any action is needed.”

Mirror of defacement also available at Zone-H. The incident, highlights a serious issue with how Register.com handles faxed change requests.

3 comments: