Friday, January 02, 2009

Morocco based "Team Evil" reroutes prominent Israeli websites

After more than 10,000 websites being defaced in protest of Israeli actions in Gaza, Morrocco-based defacement team "Team Evil" has raced the cyber attack to a new level. By logging in the Internet registration services provider, Domain The Net Technologies, using the real credentials of the domain owner, the hackers were able to redirect traffic for several prominent Israeli websites, including that of YnetNews.com, a major Israeli English-speaking news website, and the website "www.israirairlines.com". This blogger also found evidence that the site "terrorism-info.org.il" was also rerouted to the same location. Terrorism-info is a site showing the "Operation Cast Lead" from the Israeli point of view.

Anyone entering the actual address of YnetNews during this time would not be sent to the real webserver, but instead be redirected by the fake DNS server to another server, displaying the hacker's message.

The website read:

Hacked by JURM-TEAM & CYBER-TERRORIST & TEAM-Evil

Lpooxd@gmail.com & Cyb3rt@hotmail.com

The Bitter Truth History repeats itself all the victims were said to words such as "terrorists" and the only reason for those words and that the overwhelming offender and murderer was a stronger force, but will not last, and the criminals will be rotting in hell and can not escape the punishment of God

Holocaust :Victims (the Palestinians) - the offender (the Zionists) # are still ongoing #
Holocaust :Victims (the Iraqis) - the offender (U.S. military) # are still ongoing #

There are many images that continue to occur, but you learn from history?!
* * *
The only solution for peace for all peoples in Palestine, Jews and Muslims and Christians is the demise of the Zionist and that the treatment of malignant cancer tumor
Look at the result of X-Ray for tumor, and they will learn that they do not want the peace, it is a dirty game of global
..... Machine Closed....................
........................................................................................................................................................................................................................................

We Are : Jurm / Cyber-terrorist / Dr.Noursoft / Dr.Win / Sql_Master / J3ibi9a / Scritpx // Fatna Bant Hmida

" Greetz : All Muslims Hackers "


(Images are not included above. The images included covered bodies, a scene from Abu Grhaib prison, a protestor with a sign against Zionism, and a series of maps showing the loss of land by Palestinians)

During the attack, the YNetNews web address was being resolved by the nameserver "ns1.bestsecurity.jp". To its credit, YNetNews actually ran a story about the attack on its own website. Unfortunately both Lebanese and Israeli media sources have reported that the traffic was being rerouted to Japan. This is actually not correct. The IP address for ns1.bestsecurity.jp is 64.38.30.146, which is actually located on Fast Servers in Chicago, Illinois. The machine to which the traffic was being redirected, 64.38.30.147, was also at Fast Servers in Chicago, Illinois.

This is not the first time the YNetNews website has been hacked in response to Israeli actions. The website was also defaced back on July 5, 2008 by a hacker group calling itself "Jurm-Team". At that time the website showed a Syrian flag, and had a headline reading "Syria: End Israeli Aggression".

Although it has been speculated that the way such an attack would be performed is that the password used to login to the domain registration server would have been stolen. One common way to steal such information is to plant a trojan on a computer belonging to a target. The YNetNews story mentioned above actually interviewed Yoav Keren, CEO of DomainTheNet Technologies, who confirmed that Team Evil hackers had breached their server and was able to find the passwords used by various domain registration customers, allowing the hackers to then log in as the domain owner and re-route their DNS servers as described above. (The breach has since been closed).

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.