Google Paraguay Hijacked via NIC.py Hack


Google Paraguay defaced via DNS hijack

An Iranian hacker who uses the online moniker Mormoroth has managed to breach the systems of the Network Information Center of Paraguay (nic.py). The attacker used the access to make it look like Google Paraguay (google.com.py) was defaced.

The hacker hasn’t actually breached any of Google’s systems. Instead, he altered the DNS records for google.com.py to redirect the site’s visitors to his defacement page.

Mormoroth published a number of screenshots to demonstrate that he had gained access to NIC.py’s backend systems. He leaked some user credentials and other information stolen from the site’s databases.

In a blog post on ha.cker.ir, the hacker explained that he leveraged a remote code execution (RCE) vulnerability to breach NIC.py.

“By executing simple localroot exploit we are able to gain root access and cp all data on server but that is not necessary, admin have set inappropriate permissions on all directories which made us capable of browsing everywhere and reading any file,” Mormoroth noted.

The hacker says that initially he didn’t want to publish any data stolen from the NIC. However, he decided to leak some information after Paraguayan authorities allegedly said “there wasn’t any hack.”

A cyber security expert told ABC Color that five years ago he alerted Paraguay’s National Computing Center to the vulnerability exploited by the Iranian hacker. However, the organization didn’t respond to his reports and the security hole remained unfixed.
