‘pk’ domain under threat: PKNIC remains at risk of cyber attacks

Published: February 8, 2013

Hackers breach US-based firm’s security system twice in three months. DESIGN: JAMAL KHURSHID

KARACHI: 

Hacked twice in the last three months, PKNIC – a shared registry system that manages the .pk domain name space (DNS) for Pakistani websites – remains vulnerable to basic-level cyber attacks.

Though the company has thwarted the recent attack, it is still investigating the security breach.

PKNIC, which hosts 23,000 users of the .pk domain, including national-level websites, was attacked on Monday this week after a group of hackers penetrated and defaced several websites, including those of Pakistan’s famous newspapers.

“thenews.com.pk, jang.com.pk and many other[s] hacked,” ZombiE_KsA, the hacker, said in a post on PAKbugs – an online community the hacker group belongs to. “More coming, stay tuned,” the hacker said.

The hackers – ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak – criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers.

“Here we go again, pknic.net.pk you think you control .pk domains? … You don’t! Today, we are controlling .pk domains,” they said in a message left on the defaced pages. “After you patched your [faulty] system, we still owned you,” the message read.

The hackers redirected the websites by changing their DNS on PKNIC leading the visitors to the defaced pages.

This was the second successful attack on PKNIC, a private company based in California, United States. In November 2012, Eboz, a Turkish hacker, entered PKNIC servers, taking down about 284 websites with the .pk domain including google.com.pk. Later on, PKNIC issued a statement, claiming it had fixed the vulnerabilities and the website was secured.

“Apparently, this is the same person who breached (the security system) in November and is using passwords of users stolen at that time,” PKNIC customer support team told The Express Tribune in an email.

Explaining, they said, “all passwords were reset as a precaution after the November breach, but some users may have reverted to old passwords again.”

The hackers claimed that they had successfully extracted information about 23,000 accounts, which was denied by PKNIC.

“We found less than a dozen DNS changes and everything was restored on Monday morning at 6:30 am Pakistan time,” the email said. “However, some of these websites’ DNS are cached by local ISPs longer than necessary, which delays the refresh, back to normal,” it said.

PKNIC has not mentioned what measures it is considering to protect its website from attacks in future. “We are investigating this issue and therefore cannot make any definite statement at present,” they said in the email.

The hackers exploited vulnerabilities in PKNIC, but they may not have caused any harm to the websites.

The attack on DNS is considered a very basic hacking technique in the cyber world, according to Barrister Zahid Jamil, an expert in assessing cyber crime. The hackers redirected the servers of the websites, he said, but this didn’t mean they had access to their servers.

Jamil believed that the recent attack was the result of security flaws in the clients’ own websites.

“This was a basic-level attack,” said Rafay Baloch, a professional white hat who recently bagged $10,000 in Paypal’s bug bounty programme after exposing a critical vulnerability in the website.

However, he said it is believed across many online forums that PKNIC is also vulnerable to SQL injection – the most powerful cyber attack, according to Open Web Application Security Project (OWASP). OWASP is the world’s largest organisation in terms of web application security and penetration testing.

Through SQL injection, the hacker can extract the entire database from the target website, Baloch said.

At present, there are no laws in the country to govern this type of cyber vandalism.

“This would have been a criminal offence under Section 36 of the Electronic Transaction Ordinance 2002,” Barrister Jamil said. But this section was repealed by the president in 2009 and no alternative law was introduced to cover this offence, he said.

If the government passes the Prevention of Electronic Crimes bill, such offences can be covered, he said.

Published in The Express Tribune, February 8th, 2013.

Like Business on Facebook to stay informed and join in the conversation.

on Twitter, become a fan on Facebook

Reader Comments (7)

  • Feb 8, 2013 - 2:55PM

    Why is an American company (based in California) managing our .PK DNS?

    Recommend

  • Feb 8, 2013 - 3:09PM

    PKNIC, which hosts 23,000 users of the .pk domain

    There are more than 42,000 .PK domains. See http://pktools.net/

    Recommend

  • Malik
    Feb 8, 2013 - 4:11PM

    @Antebellum:
    because Main sb. and BB were sleeping when PK NIC registery was setup by private party.

    Recommend

  • rizwan
    Feb 8, 2013 - 6:47PM

    incompetence thats all.

    Recommend

  • Owais Qazi
    Feb 8, 2013 - 11:37PM

    it’s purely PKNIC security weakness and everyone knows it has nothing to do with the affected websites. very weak argument :(

    Recommend

  • Feb 9, 2013 - 7:11AM

    Why is an American company (based in California) managing our .PK DNS? :O

    Recommend

  • Feb 9, 2013 - 9:57AM

    @Owais Qazi

    Actually it could be either way, you never know! Companies, specially Pakistani, don’t really invest in the IT departnemt.

    Recommend

More in Business