Classified ads service Craigslist suffered a DNS (Domain Name System) hijack Sunday evening, which saw site visitors redirected to “a site hosted at the domain DigitalGangster(dot)Com”, according to Security Week.
Unable to cope with the volume of traffic that Craigslist normally gets, the server was “unable to respond to most web requests”, so the attacker temporarily redirected traffic to the New York Times website “after going through a third party click through gateway, which could have been an affiliate link”, before reverting to the Digital Gangster domain.
As of Monday morning, Craigslist had regained control of the domain registration.
Craigslist’s CEO blogged about the incident:
“At approximately 5pm PST Sunday evening the craigslist domain name service (DNS) records maintained at one of our domain registrars were compromised, diverting users to various non-craigslist sites.
“This issue has been corrected at the source, but many internet service providers (ISPs) cached the false DNS information for several hours, and some may still have incorrect information.
“If you are unable to reach the craigslist site, please ask your network provider or tech staff to flush all *.craigslist.org and *.craigslist.com entries (A,CNAME,SOA) from their DNS servers.”
DNS hijacking rarely affects customer information; instead, attackers disrupt the affected sites by gaining control over their domain names. Many high-profile websites have been affected by similar attacks: for example, Twitter suffered a DNS hijack last December when attackers calling themselves the Iranian Cyber Army took control of the popular microblogging site’s DNS records.
DNS can be vulnerable in many ways, so the best way to ensure your organization doesn’t fall victim to a similar attack is to implement a robust information security management system (ISMS) as set out by the international standard for information security management, ISO 27001.
IT Governance has created four packaged solutions that will enable you to implement ISO 27001 at a speed and price appropriate for your individual needs and preferred project approach. Each fixed-price solution is a combination of products and services that can be accessed online and deployed by any company in the world.