

.pk registrar hacked, Pakistani sites for Google, MSN, Apple, Ebay redirected - nitochi
http://thehackersmedia.blogspot.ro/2012/11/google-msn-appl-ebay-visa-hp-pakistan.html

======
ComputerGuru
So it's a bit of a misleading title, it appears the registrar for .PK is what
was hacked, and these are the sites that are now being redirected.

Also, can someone please add spaces after the commas in the title? Thanks!
(currently reads Google,MSN,Apple,Ebay)

------
irfan
There are 975 .Pk domains registered by MarkMonitor. google, visa, PayPal,
sony, zynga, microsoft, hp all rely on MarkMonitor for their identity in
Pakistan. It seems that MarkMonitor's account with pknic was compromised. 110
.PK domains had their name servers changed to freehostia.com recently. All of
them registered by MarkMonitor. Here is the list: [http://i.com.pk/110-pk-
domains-managed-by-markmmonitor-got-h...](http://i.com.pk/110-pk-domains-
managed-by-markmmonitor-got-ha) [note: this list was compiled by me]

~~~
sek
So basically they are the ones who got hacked, pknic should be in the
headline. Markmonitor manages a lot of the most important domains worldwide,
so i guess pknic got a very angry call.

------
codeka
This is what I'm getting for google.com.pk currently:

    
    
      ;; ANSWER SECTION:
      google.com.pk.		3578	IN	A	127.0.0.1
    

The name server seems to be set to some random one as well:

    
    
      ;; AUTHORITY SECTION:
      google.com.pk.		38400	IN	NS	dns1.freehostia.com.
      google.com.pk.		38400	IN	NS	dns2.freehostia.com.
    

Google normally host their own DNS, so I'd expect that to go ns1.google.com
(etc). Doing a whois for google.com.pk returns the address as "Mountain View,
Canada" which is kind of amusing.

~~~
jrockway
I also find it amusing that the bad DNS entry propagated to 8.8.8.8:

    
    
        $ dig @8.8.8.8 www.google.pk
    
        ; <<>> DiG 9.8.4 <<>> @8.8.8.8 www.google.pk
        ; (1 server found)
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53040
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
        ;; QUESTION SECTION:
        ;www.google.pk.			IN	A
    
        ;; ANSWER SECTION:
        www.google.pk.		626	IN	A	127.0.0.1
    
        ;; Query time: 23 msec
        ;; SERVER: 8.8.8.8#53(8.8.8.8)
        ;; WHEN: Sat Nov 24 10:23:48 2012
        ;; MSG SIZE  rcvd: 47

------
dendory
If you do a whois on www.pknic.net.pk for any of the listed hacked domains,
they all have their correct contact info but refer to "dns1.freehostia.com" so
it seems the .pk domain registrar must have been hacked.

------
fmax30
Everything is normal here (i'm in pakistan) , google msn ebay all are
accessible. So either this story is an outright lie, or the so called hackers
might actually be just idiots.

~~~
mjschultz
You might still have the correct values in your DNS cache for the sites. It
looks like the .pk registrar was hacked and the DNS for these site changed.

Since you're in Pakistan, you've probably recently resolved some of these
names so you'd get the correct version.

~~~
manojlds
It's ironic that the intention, I gather, was to cripple Pakistan users from
accessing these site, but they can still acess the sites, but outside world
can't.

------
pknerd
Atleast accessible for me, I am on PTCL network, Pakistan.

~~~
ankitaggarwal
change in name servers take some time to propagate. Try to access it through
some US proxy?

Strange to see that Whois data. Surely something wrong.

Though, this post has misleading title.

------
neebz
screenshot : <http://cl.ly/L7mk>

------
TazeTSchnitzel
I wonder if somebody misunderstood the meaning of "Hacker News".

~~~
ghaste
Well looking at the quality of written English, it would be quite possible...

