

Malaysia Airlines Defaced - 404 Plane Not Found - scubasteve
http://www.wsj.com/articles/malaysia-airlines-website-hacked-by-group-calling-itself-cyber-caliphate-1422238358

======
corobo
Bad as the deface is, they're making decent looking takeover pages these days.
Not too bad that design

Take away the greetz and the embarrassment and you're halfway to a snazzy
landing page

~~~
scubasteve
The second defacement reminded me of a geocities page with music playing in
the background.

Reference: [http://www.nbcnews.com/storyline/isis-terror/lizard-squad-
cl...](http://www.nbcnews.com/storyline/isis-terror/lizard-squad-claims-it-
hacked-malaysia-airlines-website-n293461)

------
mintplant
> hacked by a group claiming be aligned with the Islamic State extremist group

> hackers claiming to be similarly aligned with the Islamic State extremist
> group

This is either really dishonest or really stupid reporting. They're not
_actually_ aligning themselves with ISIS. They're just trolls trying to be
edgy.

~~~
zerocrates
I don't see how it's dishonest.

Whatever their actual alignment and/or edgy-troll status, they still _claimed_
to be aligned with ISIS, just as the article says.

~~~
potatolicious
The job of a journalist is to fact-check and separate fact from fiction.

Which is to say, when the subject of an article claims something, you should
probably not print it verbatim without thinking it through at least a little
bit, and maybe determine the credibility of what's being said.

It is not the job of a journalist to regurgitate sources blindly.

Otherwise... _hey journalists, I am literally the second coming of Jesus, you
guys should interview me and tell people I 'm the Son of God_.

~~~
DanBC
In your example journalists would say that you claim to be the son of god.
They wouldn't say that you are the son of god.

You seem to be asking journalists to say "he claims to be the son of god (but
he isn't, obvs)" which is asking th journalists to provide information they
don't have.

~~~
marvin
My local newspaper stretched it a bit further by saying that the website was
defaced bt "sympathizers of IS". Which is doubly funny, because they obviously
took the bait.

------
ryanlol
Interestingly enough, despite malaysia airlines claiming that this is just a
DNS hijack. It appears that their own CDN (Akamai) is now serving the deface
page. (The page was being served by cloudflare before)

~~~
JoshTriplett
Many CDNs work by retrieving the page themselves, caching it, and re-
delivering on request. In that case, if the original page changes, the CDN
would automatically change too.

~~~
ryanlol
Which would imply that their backend was compromised, not just DNS.

~~~
zkhalique
The CDN could have simply refreshed its DNS cache couldn't it? That would mean
it loaded the files from somewhere else.

~~~
ryanlol
Unless there was something horribly wrong with their setup, akamai would have
prevented that from happening.

~~~
Tiksi
I'm not sure how they are supposed to prevent this. If you have access to the
dns, you can change the record for the origin server that the cdn pulls from.
Nothing "horribly wrong" with that.

~~~
ryanlol
Akamai makes you to set your own DNS server for it to pull records from, the
domain getting hijacked should not have any effect on what that DNS server is
returning.

~~~
Tiksi
I may be missing something, but this:

 _> It added that its domain name system was compromised._

sounds like their DNS server was compromised.

Also, I've never worked with Akamai, but every cdn I have worked with just
follows the ns records and resolves against that, which could be changed with
access to the domain/registrar. Does Akamai not do that?

~~~
ryanlol
Their domains DNS servers were switched to cloudflare, I'd imagine that's the
DNS compromise they're referring to.

Not _their_ DNS servers getting compromised.

~~~
Tiksi
Hmm, I figured it was just the records being pointed to cloudflare, since
everything I could find makes it sound like that, but you may be correct that
the nameservers were changed, as cloudflare's nameservers look like they have
a record for the domain, but are returning different records:
[http://paste.click/s/qKkejf](http://paste.click/s/qKkejf) [0]

Which appears to be down now anyways:
[http://paste.click/s/UlxsWA](http://paste.click/s/UlxsWA) [1]

However I suspect cloudflare's nameservers might just return A records
pointing to cloudflare if they don't exist, I'm not sure.

Though that still doesn't answer the second part. Would Akamai not use the
authoritative nameservers to resolve the origin? Cdn providers I've worked
with (Level3, edgecast, Highwinds, and others) just resolve based on the
authoritative nameservers, and I'm genuinely curious if Akamai doesn't do
that.

Edit: forgot that my keybinding throws the js/syntax highlighted url into my
clipboard, which is pointless for this, here are the plaintext links to the
same thing:

[0] [http://paste.click/qKkejf](http://paste.click/qKkejf)

[1] [http://paste.click/UlxsWA](http://paste.click/UlxsWA)

~~~
ryanlol
You specify the nameserver for akamai to pull the zone from on the config
site. Their "CDN" is quite a bit smarter than what L3 & co. run.

------
jrockway
"Hey everyone, go visit this website that's probably serving malware!"

~~~
anon1385
Google ads regularly serve malware[1], are you going to tell people not to
visit Google?

[1]
[https://news.ycombinator.com/item?id=8879229](https://news.ycombinator.com/item?id=8879229)

~~~
tombrossman
This isn't the best way to describe the problem or solution.

Users can be advised to install an ad-blocking plugin for their web browser to
protect themselves. Since Google serves adverts from domains other than
google.com, users can continue to use the google.com domain for search while
at the same time blocking the malware coming from ad networks.

------
whizzkid
"The browser window of the website"

It is the first time i am hearing such a definition.

~~~
decentrality
I enjoyed the sole comment on the article at the time too:

"It's 'homepage' not 'browser window'... unless you're 80"

~~~
jobigoud
It's actually called "Page title" though.

------
Buge
HSTS could prevent this from working.

~~~
tyho
So could attaching decent transponders to their aeroplanes.

~~~
jrockway
How much more per flight would you pay for this? Satellites aren't cheap.

~~~
ryanlol
At their scale, yeah they are. (Especially considering you wouldn't need new
sats)

