Attacking web sites by going to the source, targeting DNS servers rather than the web sites themselves shows both the boldness of hackers as well as the fragility of the Internet.
While not new, DNS hijacking attacks took an important turn this year showing how much we rely on the web and now little we care for its protection. In the past DNS hijacking required complete control over the DNS server. In recent years most applications are controlled through a web interface, including DNS servers. Earlier this year attackers found an XSS vulnerability in a common DNS platform to hijack unused DNS entries for phishing
But this was only a small prelude to the real thing. CNet reports that this time hackers took over an entire TLD (Top Level Domain, or country) DNS server using SQL injection, virtually defacing the Puerto Rican site of companies such as Google and Microsoft.
The amazing story unfolds in the comments to CNet story, which outlines a mischievous professor and slow authorities who let him privatize and monetize on domain registration in Puerto Rico without any control.
The question we are left with is whether other countries and geographies different? Or even other industries for that matter?