Romanian Google, Microsoft, Yahoo, PayPal, and various other sites were briefly redirected to a rogue server on Wednesday. The redirect is most likely the outcome of a decade-old hacking method that underlines the fragility of the Internet’s routing system.
For a span of one to several hours on Wednesday morning, people typing Google.ro, Yahoo.ro where greeted with a deface page or another server hosting a deface page. Researchers stated the most likely explanation for the redirection is a technique known as DNS poisoning, in which domain name system routing tables are tampered with, causing domain names to resolve to incorrect IP addresses.
Kaspersky Lab Senior Security Researcher Stefan Tanase said Wednesday’s attack could have been a lot worse. Thus far, all accounts indicate visitors were redirected to a page that did little more than boast of the exploit and acknowledge fellow hackers.
“Imagine how many accounts could have been compromised this morning if these websites were redirected to a phishing page, instead of a defacement page,” he wrote.