‘Hacking not due to outdated tech’
The cyber attack faced by the .lk domain on Saturday (6) morning where many addresses were affected by a malicious redirection, including search engine giant Google, was “not due to outdated tech”.
Speaking to The Morning yesterday (7), LK Domain Registry Domain Registrar Prof. Gihan Dias claimed that the technology used by the registry is the latest and that the attack exposed vulnerabilities that could always be exploited in technology.
“The technology was not outdated. We have always been using the latest technology. There may have been some vulnerabilities as any technology can always have them.”
Prof. Dias said that at around 6 a.m. on Saturday, certain domain names were changed by an unknown entity. The domain identified this immediately as the systems are frequently monitored, he said. The irregularities were picked up and by 8.30 a.m., the domains were reverted.
“The domain is operational. Only a small number of about 10 domains were changed. We are planning to bring it up as soon as possible and we will put in place very stringent security measures to make sure that this type of thing will not happen. We are looking at the weaknesses and identifying them. Before we make these domains available we will make sure that this kind of thing won’t happen in the future.”
Investigations are underway to determine the nature of the attack, said Prof. Dias.
“We have taken backups of all the affected systems and we are carefully examining them with the help of TechCERT, who is our security provider.”
Speaking to The Morning yesterday, software engineer and cyber security researcher Duminda Jayasena, who had raised concerns about the level of security of the .lk domain, said that a domain takeover poses a risk of endless damage.
“A domain being taken over is one of the worst things that could happen as the hacker would have total control over the domain.”
He noted that if an online banking portal were taken over, the hacker would be able to use the captured usernames and passwords to carry out transactions, and that two-factor authentication is an important security measure to put in place to avoid such attacks.
He also said that the attack could be a case of what is referred to as Domain Name System (DNS) poisoning, which would mean that the technology is outdated and weak on security, or, worse, a case of the attack being orchestrated by an insider with access to the domain registry.
When asked whether this attack was what is called DNS poisoning, Prof. Dias said that although this was definitely an issue to do with the DNS, it was not what is generally called DNS poisoning, a kind of attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.
When asked whether attacks of this nature had taken place before on the .lk domain, Prof. Dias said that they had gone through all the logs going back to last year and that, as yet, they had no evidence that this had happened before Saturday’s attack.
The .lk domain sites were redirected to a site titled “Really Freedom?”, where photographs and content criticising the Sri Lankan Government and raising concerns of estate workers, human rights and media freedom, and Tamil political prisoners, among other issues, were displayed.