The Register Hacked
First time accepted submitter rjmx writes "Looks like The Register has been hacked. Its front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker."
looks like the hacker retroactively stole all their credibility!
Do you even lift?
These aren't the 'roids you're looking for.
its, not it's. Sorry about that.
Copyright 2005?? What the fuck? lol
So basically, -1 troll/offtopic is really Slashdot's way of saying "I hate that you thought of something before me."
website is down, can't wait to read odds and sods when it's back up.... :O)
the register is shithouse anyway
Errr...UK here, seems all good to me...
Did I miss the hack? Kudos to the admin if I did. I was reading it not two hours before this too.
-1 is for flame bait and trolls, not because you disagree with someone.
The last hacker only hacked it with OMG ponies.
Lol, why would he care about copyright? Afraid some other hacker might steal his logo?
If you saw the "hacked" page, you were being routed to a different server.
As of 2025 GMT, I'm still seeing the "hacked" page. Since I haven't specifically been to El Reg in over a week, I'm not seeing a cached copy.
As for the "hack"?
Wow. Going to be a very interesting read come Monday morning?
[End Of Line]
People are complaining on Twitter about him taking down UPS.com too. I only get a DNS error from them. This has to be a DNS hack.
It's front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker.
Personally I blame Israel - they love doing false flag ops and it's pretty obvious after Turkey just said they were going to escort the next Gaza fleet. This is jews lying and deceiving and finger pointing to get their way, again.
And you slashdot their homepage at the same time? Poor admins!
"If fifty million people say a foolish thing, it's still a foolish thing."
Front page still hacked, but fairly harmlessly. Does that hacker know what sort of wasps' nest he may have poked his nose into? No doubt, we shall hear more from the BOFH.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
root@bt:/root# whois theregister.co.uk
Domain name:
    theregister.co.uk
Registrant:
    Linus Birtles
Trading as:
    The Register
Registrant type:
    UK Sole Trader
Registrant's address:
    Situation Publishing Limited
    PO Box 478
    Southport
    PR8 2ZW
    United Kingdom
Registered through:
    NetNames Limited
    URL: http://www.netnames.co.uk/
Registrar:
    Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
    URL: http://www.ascio.com/
Relevant dates:
    Registered on: before Aug-1996
    Renewal date: 14-Mar-2012
    Last updated: 04-Sep-2011
Registration status:
    Registered until renewal date.
Name servers:
    ns1.yumurtakabugu.com
    ns2.yumurtakabugu.com
WHOIS lookup made at 21:34:15 04-Sep-2011
The Turkish thing is just misdirection.
Check http://www.zone-h.org/archive/notifier=TurkguvenLigi.info From the cache of http://www.theregister.co.uk/2011/08/12/mckinnon_website_defaced/ "TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here [3]. Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems."
I can confirm that this supports our view that AGW is a hoax.
along with lots of spammy sites? Don't you guys have a police force? Or is the USA still a spammers' haven?
http://www.robtex.com/ip/67.228.37.8.html
Looks like a DNS hack, which'd explain why some people are seeing it come back to life and others aren't -- all depends on ISP DNS servers (caching and whatnot).
Anyway, can't say I'm particularly bothered. Once upon a time, about 7 years ago, the Register went downhill so badly that I stopped visiting it altogether. They had a bone-headed editorial style that made them seem arrogant, dim-witted and sometimes just unpleasant. These days, whenever I accidentally follow a YC HackerNews link there (from Twitter), it looks like they're basically the same now as then.
The tipping point for me came when some idiot on their staff wrote an article complaining that Google had drawn a special logo for a world water day, but not for St. George's day (a silly English thing that we have every year). It looks like a joke in bad taste, but I don't think it was - not least because the guy that wrote it tended to have a 'toxic' element in most of his writing. I've seen a few articles since showing their scepticism of climate change, wheeling out the usual 'aren't we so clever for being able to think for ourselves' bullshit despite clearly not having 'a fucking clue'.
I guess their tech coverage was OK, but their opinions got right up my nose.
Wow, what a stupid tag to apply to the story. The Register is an awesome site (if you can understand the British humour at times).
If you cannot live without The Register, put into your hosts file
Linux: /etc/hosts
Windows: C:\windows\system32\drivers\etc\host
these two lines:
72.3.246.59 theregister.co.uk
72.3.246.59 www.theregister.co.uk
And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.
theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.
/sarcasm
There you are, Microsoft aid crackers.
http://www.gnu.org/philosophy/words-to-avoid.html#Hacker
host -t NS theregister.co.uk
theregister.co.uk name server ns2.yumurtakabugu.com.
theregister.co.uk name server ns3.yumurtakabugu.com.
theregister.co.uk name server ns1.yumurtakabugu.com.
theregister.co.uk name server ns4.yumurtakabugu.com.
Having to work for a living is the root of all evil.
So people who have no problems keeping on top of the latest alphabet soup of the software world are completely stumped by the difference between IT IS and ITS?
Gateworld.net is down too. FYI:
Also, I do not see what good is in slashdotting them at this time.
Hivemind harvest in progress..
Appears fixed as of 21:49 GMT.
Turkguvenligi (http://twitter.com/Turkguvenligi/following) just unfollowed an account whom he was following one hour ago! YSR08 (http://twitter.com/#!/ysr08)
Using Just-Ping to check from 50+ locations around the world only 5% have what is traditionally the correct IP (212.100.234.54 according to Netcraft) or so have the current IP most say the DNS is down.
http://just-ping.com/index.php?vh=www.theregister.co.uk&c=&s=ping!
I forced an update with Netcraft; it now has a record of another IP, 68.68.20.116, with different server headers, which I presume is the broken site.
http://uptime.netcraft.com/up/graph?site=www.theregister.co.uk
The hackers could have done more damage if they also increased the TTL of the domains they poisoned. 24 hours seems to be the time atm.
As shown by a `dig www.theregister.co.uk +trace`, DNS servers are returning the correct data already. Same for ups.com.
The RSA hack (xls file) that was uncovered recently and this seem very similar to some Scientology related stuff that I ran afoul of about 8 months ago, right before this stuff happened. I am still a tech noob so I didn't want to say too much about it and thought I would just let it play itself out and see what the purpose of it was. I was running around LA and doing some basic, uh, we'll say practice penetration testing (completely non-malicious, seriously). I started to answer a bunch of ads on CL trying to get a job where I could further my programming, SEO and similar abilities. I got a ton more responses than in any other city I have ever lived in and started to work with a company where I was editing a Yahoo store inventory in xml and csv form. I guess it was obvious that I was just teaching myself this stuff as I went along and eventually the guy that hired me sent me an XLS file that did all kinds of nastiness to my comp when I opened it. I realized, sort of, what was going on but I didn't really understand what the motivation was and was more curious than anything. At first I played like I didn't even notice the infection, except that I was monitoring the traffic from my infected machine from another box. There was some sort of traffic that would happen at startup from feeds.bbc.co.uk and feeds.bbci.co.uk. I did some searching around and found, I think you would call them linkbacks, sites that had keywords of the company's website and also Scientology in the source. I am not at all a tin-foil hat type, but if you do some research on Scientology, they are the sort of organization that would be able to do this stuff on a large scale. I don't give a crap about anon, but I guess I should mention that I was very vocal with the local proselytizers about the blight on the earth that is Scientology before I even knew what anon was or the tactics of the scilons.
I just want to get this out there in the hopes that people more technically inclined than myself can prevent bad shit from happening. I think I was just regarded as a good practice target because I look more like someone you would buy drugs from than someone with half a brain. The scilons have their hands in all sorts of businesses in the LA area apparently, but the root of this was clothingisland dot com, although they have a bunch of similarly named sites that operate in a seedy part of town (south of downtown).
Several sites, including the register and ups.com were redirected by DNS to a defacement page...
A list of the sites is at:
http://www.zone-h.org/archive/notifier=TurkguvenLigi.info/page=1
It does not seem to be a DNS poisoning, since the whois servers also reported the hacker's dns servers.
Also zone-h reports that the site was running Linux, but it is clearly whatever server the hackers redirected the DNS to that runs linux, it was not necessarily a linux system that was breached in order to actually carry out the defacement.
It would appear that the registrar for the domains in question has been hacked, and the hackers chose a few high profile sites to deface.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
looks like http://theblitzbit.com/ is still pointed to the right name servers.
They're back..
Looks like they have got themselves sorted again.
Curiosity was framed; ignorance killed the cat. -- Author unknown
El reg is fine... I am looking at it right now. (4.13pst 4/9)
So it wasn't reg that was hacked, it was their DNS server.
Article fail
1) Get some SSL keys
2) Redirect the DNS Servers
3) Profit!
PING www.theregister.co.uk (212.100.234.54) 56(84) bytes of data.
64 bytes from 212.100.234.54: icmp_req=1 ttl=38 time=328 ms
so just use http://212.100.234.54/ and you get the site
I think we all missed the point here. It is not El Reg who have been hacked. It is everybody else who has been hacked. Our dependency on DNS is our fault, not theirs. If we had the correct address in our hosts files we would not have this issue. This is like asking some stranger for directions to some store and then complaining to the store owner for having got lost on the way and gotten mugged. I already can see how some enterprising readers could offer off-shored hosts file repositories for those of us less inclined to manage our own hosts files, for let's say $10 per year. I am sure there would also be some more profit oriented people out there who might offer the same service with added security for more.
This same guy (or group) hacked a number of high profile websites today, or at least their dns servers.
The article is being updated with a list. So far ups.com, betfair.com, acer.com, vodafone.com, and telegraph.co.uk have all been defaced with the same image.
Take me to the room where the red's all red
Take me out of my head-'s what I said yeah
It's a hacking attack.
biting the hand that feeds it, (pun intended)
Politics is Treachery, Religion is Brainwashing
What did they hack???
The problem with socialism is that eventually you run out of other people's money
They seem to have declared it 'world hacking day'. I wouldn't mind a world hacking day where everyone tries to attack websites. That way at least companies will pull up their pants once a year and it will be 'open season' on sites with crappy security. Could help.
not turkish. israeli. it's part of a smear campaign being undertaken by israel against turkey for kicking out the israeli ambassador and severing military ties.
theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.
Working fine for me. Maybe you should try going to the register's actual site instead of following the poisoned DNS entry to some strange IP which has nothing to do with them.
Surprised this hasn't come up yet...
I doubt the turkish hax0r had this in mind, but I think the register might have deserved a takedown in this case. They are clearly disproportionately biased against copyright infringement issues search them for the term 'freetards', when the wikileaks stories broke they had a lot of negative coverage including a purple devil like image of Assange that reminded me of 'rock bottom' accusing homer simpson of sexual harassment.
fair play for their good articles, Phorm, NOTW phone hacking etc. but they know which side their bread is buttered and won't let an inconvenient truth get in the way of their benefactors' interests.
h4ck1n9 is not a cr1m3
Can somebody please shut the freaking script-kiddie who thinks he's cool up? I mean seriously...it's going on my nerves that those guys are called hackers. I mean, I'm not a hacker, not even close...hell, I'm not even a network coder because I suck at it...but I respect the real hacker community enough to exclude those guys from them.
...than the hack itself is the lack of cooperation from ISPs used by the hackers. They don't seem to care that illegal activity is taking place on their network. Whether the attack originates from their network or the network hosts the web page or DNS records, they ignore requests for action.
...as at timestamp.
Operation Guillotine is in effect.
You can see this pattern with most of their staff- their articles are just often outright false. Where they're not false, they completely miss fundamental points. Where they don't miss fundamental points, they just outright lie.
So that's really why they have the reputation- they're just too agenda based. Their writers all vehemently pursue their own political agendas without care for facts, without care for reason, and worst of all- without care for the truth. That's not journalism, that's propaganda.
Hmmm. As long as the publication remains profitable, the staff should be able to write whatever the fuck they want to. You make it sound like there is some kind of obligation in the publishing business to be fair and balanced. I don't think there is. And I don't think it really matters to a discerning reader that they are calling themselves journalists when they are really just propagandists; getting all sides of a story, even the distorted side, is valuable.
Website hacked and replaced with meaningless drivel, sounds like a normal day for the register :-)
I suggest the following much more informative and accurate headline and body:
NetNames Hacked, Turks temporarily hijack The Register's DNS
NetNames formal statement: At approximately 2100BST on Sunday 4 September 2011 a very small number of customer domains were redirected to an unauthorised domain name server (DNS server). This was done by placing unauthorised re-delegation orders through to the registries via our provisioning system. These orders updated the address of the master DNS servers responsible for serving data for these domains. The rogue name server then served incorrect DNS data to redirect legitimate web traffic intended for customer web sites through to a hacker holding page branded TurkGuvenligi. The unauthorised orders were added by using a SQL injection attack to gain access to a number of our customer accounts.
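A defensive check for the registry-level re-delegation described in the statement above, as an added example that is not part of the thread or NetNames' own tooling: it extracts name servers from whois and `host -t NS` output in the forms quoted on this page and reports any that differ from a known-good baseline. The baseline names are placeholders (assumptions), since the page does not give the legitimate name servers.

```python
import re

# Constructed sample: the tail of the whois output quoted in the thread.
WHOIS_SAMPLE = """\
Registration status:
Registered until renewal date.
Name servers:
ns1.yumurtakabugu.com
ns2.yumurtakabugu.com
WHOIS lookup made at 21:34:15 04-Sep-2011
"""

# Constructed sample: `host -t NS` output in the form quoted in the thread.
HOST_SAMPLE = """\
theregister.co.uk name server ns2.yumurtakabugu.com.
theregister.co.uk name server ns1.yumurtakabugu.com.
"""

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def _norm(name):
    """Lower-case a hostname and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def ns_from_whois(text):
    """Collect hostnames listed under the 'Name servers:' header."""
    found, in_section = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "name servers:":
            in_section = True
            continue
        if in_section:
            # A server line may carry an IP after the name; keep the name only.
            token = _norm(line.split()[0]) if line else ""
            if not HOSTNAME.match(token):
                break  # next header, blank line or footer ends the section
            found.add(token)
    return found

def ns_from_host(text):
    """Collect targets from `host -t NS` lines ('<zone> name server <ns>.')."""
    return {_norm(m.group(1)) for m in re.finditer(r"name server (\S+)", text)}

def delegation_drift(observed, baseline):
    """Return (unexpected, missing) name servers relative to the baseline."""
    baseline = {_norm(n) for n in baseline}
    return sorted(observed - baseline), sorted(baseline - observed)

if __name__ == "__main__":
    # Placeholder baseline: the legitimate name servers are not on the page.
    baseline = {"ns1.expected.example", "ns2.expected.example"}
    for source, observed in (("whois", ns_from_whois(WHOIS_SAMPLE)),
                             ("host", ns_from_host(HOST_SAMPLE))):
        unexpected, missing = delegation_drift(observed, baseline)
        if unexpected or missing:
            print(f"ALERT [{source}] unexpected={unexpected} missing={missing}")
```

Comparing the registry's view (whois) as well as resolver answers matters here because, as a commenter notes, the whois servers themselves reported the rogue name servers.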
just a defacement probably through latest apache exploit.
Read radical news here
1st of all, it's not what you put down here:
"Windows: C:\windows\system32\drivers\etc\host" - by Artem Tashkinov (764309) on Sunday September 04, @05:03PM (#37304222)
It's C:\windows\system32\drivers\etc\hosts (note the trailing bolded "s"?)
AND, quite possibly (but, not in THIS case w/ 'ElReg' in this case because I get the SAME IP address resolution you do, & either you are in the same part of the planet I am, or the register only serves up from 1 server that's static in nature as far as IP address resolutions from the URL/host-domain name, probably the case here)?
It's possible that what "ping" resolves to MAY NOT BE THE FASTEST RESULT for all others everywhere in an IP Address resolution for other sites (or the same for all others reading here):
72.3.246.59 theregister.co.uk
72.3.246.59 www.theregister.co.uk
Some sites may get a diff. IP address results (GOOGLE'd be a GOOD SOLID EXAMPLE OF THAT in fact)... but, as far as the register is concerned, you're ok! Seems they only serve up from 1 single IP address... unlike sites like GOOGLE do, for example.
So, then, a tracerouting might be a better way to find a closer faster resolving IP Address with less "hops" in it (again, not in this case, I get the same IP address result you do, but on diff. sites that are widely distributed worldwide, server-wise, such as GOOGLE, that may not always be the case)...
APK
P.S.=> At least you were "modded up" for a post on HOSTS file usefulness information... I state that, lol, because when I do it? Well... 9/10 times, I get a "downmod" (hit & run cowardly ones w/ no technical justification that's valid behind them no less as well)... apk