Paraguayan ccTLD Hacked, Google.com.py Redirected, Internal Database Leaked

← Back to Stories (view on slashdot.org)

Paraguayan ccTLD Hacked, Google.com.py Redirected, Internal Database Leaked

Posted by Unknown on Monday February 24, 2014 @10:10PM from the security-audits-who-needs-em dept.

MrJones writes "Last February 20th, hackers supposedly from Iran accessed and modified (English) the www.NIC.py database, redirecting www.google.com.py to another site. The hackers posted the whole NIC.py database containing full names, national ID numbers, street addresses, phone numbers, and more of registrants. This is not the first time (English) that NIC.py, managed by the 2 most respectful Computer Science Universities of Paraguay, was hacked. Since the entire database was released, local white hat hackers were able to calculate how much money NIC.py was making annually (English) by charging $44 US per .py domain. The local CS community are urging the NIC.py administrators to do all whats possible to protect the .py domain names since the hack was done by exploiting a simple remote code execution vulnerability. If they can modify google.com.py, just imagine what they can do to banks and financial institutions. Maybe Google can helps us."

24 of 44 comments (clear)

Min score:

Reason:

Sort:

Maybe it just isn't the best criteria by Anonymous Coward · 2014-02-24 22:33 · Score: 5, Funny

"managed by the 2 most respectful Computer Science Universities of Paraguay"
I'm all for politeness but I think something like this should probably be managed by the most respected Universities.
1. Re:Maybe it just isn't the best criteria by Anonymous Coward · 2014-02-24 22:44 · Score: 1
  
  Maybe Google can helps us with grammar.
2. Re:Maybe it just isn't the best criteria by Anonymous Coward · 2014-02-25 00:18 · Score: 1
  
  Well, normally, it is editors who can helps us with grammar.
  But this is Slashdot... so I guess Google is our only hope.
3. Re:Maybe it just isn't the best criteria by Elros · 2014-02-25 01:06 · Score: 1
  
  Well, normally, it is editors who can helps us with grammar.
  But this is Slashdot... so I guess Google is our only hope.
  Help me, Larry Page! You're my only hope!
4. Re:Maybe it just isn't the best criteria by ColdWetDog · 2014-02-25 04:11 · Score: 1
  
  Oh, Paraguay
  
  --
  Faster! Faster! Faster would be better!
5. Re:Maybe it just isn't the best criteria by radarskiy · 2014-02-25 07:27 · Score: 1
  
  Where could grammar help be used? The sentence in question is grammatically correct.
Re:not incompetent, just lazy! by Chrisq · 2014-02-24 22:51 · Score: 2

The Paraguayans are lazy about patching their security holes because the weather is so nice.
Hence the "Maybe Google can helps us". Why bother to leave the hammock yourself!
For extra irony points by Arancaytar · 2014-02-24 22:54 · Score: 5, Funny

I hope it was a vulnerability in their Python code?
1. Re: For extra irony points by Juan+de+los+Palotes · 2014-02-25 00:27 · Score: 1
  
  well, it was just a matter of Âimport nicÂ.
2. Re:For extra irony points by Anonymous Coward · 2014-02-25 00:30 · Score: 1
  
  There are no Pythons genus snakes in South America. The closet you get are the Eunectes, which includes the Anaconda.
3. Re:For extra irony points by Fear+the+Clam · 2014-02-25 00:35 · Score: 3, Funny
  
  There are no Pythons genus snakes in South America. The closet you get are the Eunectes, which includes the Anaconda.
  The Anaconda don't want none unless you got root access, Hon.
4. Re: For extra irony points by jones_supa · 2014-02-25 00:55 · Score: 2
  
  Anyone reading this at Dice...can you at least finally add the Unicode support to the Beta?
5. Re: For extra irony points by Cryacin · 2014-02-25 00:59 · Score: 3, Funny
  
  No Dice.
  
  --
  Science advances one funeral at a time- Max Planck
6. Re:For extra irony points by Nyder · 2014-02-25 05:58 · Score: 1
  
  There are no Pythons genus snakes in South America. The closet you get are the Eunectes, which includes the Anaconda.
  The Anaconda don't want none unless you got root access, Hon.
  Nice Sir Mix-a-lot. =)
  
  --
  Be seeing you...
7. Re: For extra irony points by Soulskill · 2014-02-25 13:38 · Score: 1
  
  It's on our to-do list (and has been for a long time), but our to-do list is pretty huge. I'll bring it up again at our next meeting and see when we can find time for it. Sorry I don't have anything more specific for you.
Most respectful? by wonkey_monkey · 2014-02-24 22:56 · Score: 4, Funny

the 2 most respectful Computer Science Universities of Paraguay
Respectful is nice. Respected would be better.

--
systemd is Roko's Basilisk.
1. Re:Most respectful? by oodaloop · 2014-02-25 00:32 · Score: 1
  
  I hope they at least did the needful.
  
  --
  Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Re:jagger's dna lost in lhc composting accident by philip.paradis · 2014-02-24 23:16 · Score: 1

The bit about hymenless monkeys is intriguing. Newsletter?

--
Write failed: Broken pipe
The hacker found the password by Anonymous Coward · 2014-02-24 23:50 · Score: 1

The admins didn't fool the hacker when they used "passwordo" as root password.
"Last February 20th, by Threni · 2014-02-25 01:39 · Score: 1

You mean this February then. That was last week, not last year, therefore its misleading to say "last February".
It's not only universities problem by alefq · 2014-02-25 02:34 · Score: 1

People buying domains for that price without complaining is also a BIG part of the problem. Paraguay has one of the most expensive TLD 44 USD, and probable the worst service. This is not an isolated case, is the reality in many other areas in my country, paraguayans running a public service abusing of other paraguayans. More and more people are buying domains outside ".py" because of that, overpriced and poor quality of service.
Re:Triple Frontier by TheDarkMaster · 2014-02-25 03:29 · Score: 1

A "bit"? The place is like the old north-american Wild West. All you need to do to bump into a criminal is entering the country.

--
Religion: The greatest weapon of mass destruction of all time
A note by stonecypher · 2014-02-25 12:16 · Score: 1

Nothing needs to be hacked to get that same estimate of revenue.
Just download their zone file and multiply by their annual. The zone file even tells you when they were registered and when they're registered until, allowing you to take account of public discounts for registration length.
It's still an upper bound; you don't know what other offers or freebies are in there. But still. It's a better upper bound than the hack ostensibly provides.

--
StoneCypher is Full of BS
Central point of failure by Hypotensive · 2014-02-25 21:15 · Score: 1

Lessons still not learned.