Sepang F1 Website, soaped!
By Hazimin Sulaiman
BARELY fourteen hours before the start of another exciting Formula 1 Grand Prix at the Sepang circuit in Kuala Lumpur, Malaysia, someone else beat favourites Räikkönen, Kovalainen and Rosberg. Well, on the headlines at least. On the last 20 March, F-Secure, Malaysia engineers checking out the malaysiangp.com.my Website were greeted by a box of detergent.
The defacement of the official homepage, just hours before the start of the race however, did not effect the Webserver; it was found to be running on its original IP address.Fans looking for the last minute Malaysia F1 Grand Prix ticket information to catch the race, end up getting a picture of the laundry detergent box mentioned. According to Chia Wing Fei, Security Response Team Manager, F-Secure Security Labs Kuala Lumpur "The original site was still intact and reachable using the IP address, only the DNS record was modified to point to a different host – a free hosting website.
Everyone who wanted to visit the website would simply just type in the DNS name of the website – malaysiangp.com.my instead of the IP address because hardly anyone would go through the hassle of typing in the IP address of the website." Chia reckons that the hijacker either discovered the password to the DNS Server; or with the use of social engineering, managed to get the provider to change the host record since it was a Malaysian public holiday on the day the incident occurred and "maybe there wasn’t full staff at office."
The hijacker it seems however, did it certainly for bragging rights and fame.No actual compromise to the site was made to host malware and no malware was hosted on the redirected site. If malware were hosted, it would have been a disaster given the amount of traffic the site would have received from all over the world.Malaysiangp.com.my has nameservers under five different providers. At the time of the defacement, some of them still pointed to the original or real site. Some of them pointed to the defacement page hosted at a free hosting service, oxyhostsfree.com.
By Hazimin Sulaiman
BARELY fourteen hours before the start of another exciting Formula 1 Grand Prix at the Sepang circuit in Kuala Lumpur, Malaysia, someone else beat favourites Räikkönen, Kovalainen and Rosberg. Well, on the headlines at least. On the last 20 March, F-Secure, Malaysia engineers checking out the malaysiangp.com.my Website were greeted by a box of detergent.
The defacement of the official homepage, just hours before the start of the race however, did not effect the Webserver; it was found to be running on its original IP address.Fans looking for the last minute Malaysia F1 Grand Prix ticket information to catch the race, end up getting a picture of the laundry detergent box mentioned. According to Chia Wing Fei, Security Response Team Manager, F-Secure Security Labs Kuala Lumpur "The original site was still intact and reachable using the IP address, only the DNS record was modified to point to a different host – a free hosting website.
Everyone who wanted to visit the website would simply just type in the DNS name of the website – malaysiangp.com.my instead of the IP address because hardly anyone would go through the hassle of typing in the IP address of the website." Chia reckons that the hijacker either discovered the password to the DNS Server; or with the use of social engineering, managed to get the provider to change the host record since it was a Malaysian public holiday on the day the incident occurred and "maybe there wasn’t full staff at office."
The hijacker it seems however, did it certainly for bragging rights and fame.No actual compromise to the site was made to host malware and no malware was hosted on the redirected site. If malware were hosted, it would have been a disaster given the amount of traffic the site would have received from all over the world.Malaysiangp.com.my has nameservers under five different providers. At the time of the defacement, some of them still pointed to the original or real site. Some of them pointed to the defacement page hosted at a free hosting service, oxyhostsfree.com.
