A DNS hijacking experience and the status of ccTLDs in Latin America

2 points | matiasb | 12 years ago

An Iranian cracker broke into the Paraguayan ccTLD registrar[0] (exploiting a security hole reported by me 6 years ago) and managed to point Google.com.py to its own nameserver. The DNS records were pointed to the same IP, serving a smiley face through HTTP[1].

SENATICS[2], the government ICT department, published a press release indicating that no attack was made and that everything was just a misunderstanding.

Later, the attacker decided to leak private data from the server[3] (a complete database dump containing over ~20000 items, including document number, e-mail, phone number, etc.). This served as pressure on the government, and they finally took the blame for the incident.

At the same time, the Argentinian registrar[4] announced that they will start charging for the domains around 25 U$ per year (currently it’s still free, and it’s possible to register a domain by using your identity card). Just to give you an idea, in Paraguay we’re paying 45 U$ for a .py domain name, per year. And we’re currently discussing if it’s worth paying that amount for a service with such big security issues (obviously this isn’t the first one, among several other irregularities).

[0] http://www.nic.py/

[1] http://www.abc.com.py/nacionales/falla-seguridad-de-nicpy-1218433.html

[2] http://www.senatics.gov.py/

[3] http://ha.cker.ir/2014/02/www-nic-py-py-registrar-rce-vulnerablity/, http://cker.ir/leak/nic-py/

[4] https://nic.ar/
