KUALA LUMPUR, July 1 — Websites allegedly hijacked by a Bangladeshi hacker activist protesting against the treatment of his countrymen in Malaysia have returned to normal, Malaysia's online regulator assured the public today.
Several websites with “.com.my” addresses were affected today by a domain name server (DNS) hijacking, which led users of those sites to another temporary site bearing the message from the hacktivist.
“This intrusion raises concern but, fortunately, initial steps were swiftly taken to address the suspected intrusion. For now, service to most of the compromised domains has been restored and is already running as per normal,” said Malaysian Communications and Multimedia Commission (MCMC) chairman Datuk Mohamed Sharil Tarmizi.
MCMC also confirmed that it has set up a team together with the Royal Malaysian Police (PDRM) to investigate the incident.
According to MCMC, preliminary investigations have suggested that sole “.my” domain administrator MYNIC Bhd's registry has been compromised, but it was limited to only websites registered with “.com.my” addresses.
The hijack, also called “DNS poisoning”, had affected several major sites including search engines Google Malaysia (google.com.my), Yahoo! Malaysia (yahoo.com.my), MSN Malaysia (msn.com.my), and Bing Malaysia (bing.com.my).
Users were redirected to a new homepage carrying the message, “HackeD By [email protected] #Bangladeshi HackeR.
“Hello malaysia, you think you are more advanced than us? Respect our workers, we will respect you! Running it since 2007 :)”
Dhillon Kannabhiran, chief executive officer and founder of IT security conference Hack In The Box, explained that the websites have not been defaced or even hacked, but instead their addresses were redirected to temporary websites.
“Think of it like I changed the actual phone number tied to an entry in your address book, so when you call the entry that says 'Office', instead of calling the office, it dials 1300-GOATSE instead,” he told technology news site Digital News Asia.
Earlier today, MCMC announced that a total of RM1.9 million was lost to phishing cases last year, but the numbers are decreasing this year due to a concerted effort together with the Royal Malaysian Police (PDRM) and Bank Negara Malaysia (BNM).
“Phishing” is a jargon for the attempts to get an Internet user's information such as login username, password, and credit card details by fraudsters disguised as a trusted website, for example, the user's bank's website.