StatusCake

5 times domains have been hijacked

domain hijacking

It’s a common belief that once we purchase a domain, it’ll be ours for as long as we like. Big mistake. Mainly because there are genuine threats to your domain online that mostly go unthought of. For example, hackers can gain access to your system and take your domain for ransom or cause malicious damage to you and your business. Surprised? Well, we have 5 examples of exactly when this has happened, and how hackers have managed to gain access to domains and cause mass disruption. 

1. Google.com.vn (Vietnam) – Lizard Squad

It may seem shocking to you but even Google, the world’s most dominant search engine, had its Vietnam region domain hijacked in 2015. The hackers used a hacking method known as DDoS (distributed denial-of-service) which is ultimately used to take down websites. They redirected users to a website that sold hacking tools to the general public. As you can expect, Google acted quickly to minimise the damage from this hack and swiftly managed to get their domain back. 

2. Lenovo – (Vietnam) – Lizard Squad

The same team who caused Google’s issues also hacked Lenovo using the same method. It’s reported that the reason behind the hack was connected to “Superfish” which is a digital marketing tool for online ads. Lenovo was linked to this marketing company as it provided devices with pre-installed software towards the end of 2014 which turned out to be a security risk to the users. The software did not only collect data on the images on your browser but also other traffic that you viewed as it was acting as a proxy on the device. It seems like the hack was only carried out to cause problems for Lenovo and bring the issue to light.

A Lenovo spokesperson said “we did not do a thorough enough job understanding how Superfish would find and provide their info. That’s on us. That’s a mistake that we made.” 

3. GoDaddy – Spammy Bear

This attack occurred in 2018 when many domains that we are all accustomed to, noticed that highly suspicious emails were sent out to institutions around the US asking for $20000 ransom. It became apparent that the reason this was happening was due to a group hacking into the DNS provider and taking over the domain name. The group was after dormant domains that were linked to large corporations such as Mozilla, Yelp, and Mastercard to name a few. Godaddy soon fixed the issue and announced that the group had taken advantage of a weakness in its system which was quickly rectified.

4. Microsoft Outlook Web access portal for the government of Cyprus – Sea Turtle 

In this hack which occurred in January 2017, it is believed that the hackers used the old-fashioned “phishing email” to gain access to credentials that would allow them to access the domain and gain control of the system. Phishing techniques are still one of the most-used and easiest ways to gain access to any system. The issue was quickly identified and resolved but the question is – how long did they have access to this and how many emails did they redirect to gain access to confidential information?

5. Cafax – sponsored Black Hats

It might sound strange that a sponsored hack might target a consulting firm but there does seem to be a reason for this. Cafax has a consultant working for them who is employed by netnod a Swedish DNS provider and one of the 13 foundational DNS providers that control the i.root in the global distribution system. It seems the hackers were trying to gain access to netnod through the credentials of this consultant. Previously the hackers had succeeded in accessing netnod but luckily, it seemed this time they didn’t manage to.

What we can see from these 5 domain hacking examples is that it doesn’t matter how big your organisation is, there are threats out there that will do whatever they can to gain access to your information either to sell it back to you or to someone who is interested in it. 

Sign up to StatusCake for free today to monitor your domain.

Share this

More from StatusCake

monoliths
Engineering

Microservices vs Monoliths explained

6 min read If you’re a dev you’ve no doubt, come across people talking about monolith and microservice application architecture. Perhaps you are involved in designing a new system and have been asked to consider both architectures. The conversations are often regarding how microservices are the successor to monolith architecture, but today I’m going to try and layout why it’s not as simple as one being better than the other.

black friday
short-reads

Why you should have a website monitoring tool ready for Black Friday

2 min read It’s not all fun and games as a company owner during the biggest sales season of the year; unfortunately, you’re more likely to suffer website issues than on an average day. Find out how you can keep your website performing at its best during Black Friday right here!

SSO
short-reads

Why Google SSO is so important

3 min read Do you know what an SSO is? Do you know if you’re currently using one? Here’s everything you need to know about an SSO and what the benefits are to using them.

affiliate marketing
How To

How to make money online for beginners

5 min read In this article, we are going to look at some of the options to help you start making money online as a beginner from home, with the flexibility and a small investment depending on the model that you want to pursue and right for you.

design patterns
Engineering

3 useful design patterns every developer should know about

7 min read The term “Design Pattern” describes a well-known and battle-tested solution to a problem that developers tend to encounter again and again when developing software. Here’s our step-by-step guides to the most useful ones!

Engineering

Shiny, new CSS features to get to know

4 min read The CSS landscape at the moment is ever-changing. There are many new features that have been released recently, so I thought I’d have a look around and summarise those that caught my eye, concisely in this post.

Want to know how much website downtime costs, and the impact it can have on your business?

Find out everything you need to know in our new uptime monitoring whitepaper 2021

*By providing your email address, you agree to our privacy policy and to receive marketing communications from StatusCake.