Oman targeted by Moroccan hackers
Moroccan hackers attack sites in Oman
Click here to add Badar Ali Al Salehi as an alert
Disable alert for Badar Ali Al Salehi,
Click here to add Google as an alert
Disable alert for Google,
Click here to add Google.com. as an alert
Disable alert for Google.com.,
Click here to add Gulf Infotech as an alert
Disable alert for Gulf Infotech,
Click here to add HSBC Bank Oman as an alert
Disable alert for HSBC Bank Oman,
Click here to add Hsbc.com. as an alert
Disable alert for Hsbc.com.,
Click here to add Rahul Bhavsar as an alert
Disable alert for Rahul Bhavsar,
Click here to add VeriSign as an alert
Disable alert for VeriSign
It was a field day for hackers as Google's Oman domain (http://www.google.com.om) was defaced yesterday by Moroccan-based fraudsters, said Rahul Bhavsar, CEO of Gulf Infotech.
Gulf Infotech is the Google enterprise partner for Middle East and North Africa (MENA) region.
In an e-mail interview, Eng. Badar Ali Al Salehi, Director of the Oman National Computer Emergency Response Team (CERT), pointed out that five organisations, including Google.com.om and Hsbc.com.om, had come under attack yesterday. "This is not a case of website hacking or website defacement; these websites were not really hacked. Rather, it is an example of a Domain Name System (DNS) cache poisoning type of attack," he stated.
Bhavsar, however, noted that nothing had been compromised, following the attacks.
"Customers and the users (of these websites) have nothing to worry about," he clarified.
In a statement mailed to Times of Oman, HSBC Bank Oman SAOG confirmed that on the morning of April 21, 2013, access to its website, www.hsbc.co.om, had been temporarily disrupted as a result of a "cyber attack".
Several other websites in Oman that use the same Internet service provider (ISP) faced similar disruptions. HSBC Bank Oman would like to reassure its customers that there was no security breach of any kind to either the personal or business Internet banking platforms, which are protected by very robust security standards to prevent any unauthorised access to customer data. We use leading technologies such as (but not limited to) 128-bit VeriSign secure socket layer data encryption, firewalls, and server authentication to safeguard our customers' data.
"The systems were quickly recovered, and we would like to apologise to customers for any inconvenience they may have experienced," it explained.
According to Al Salehi, a cache poisoning attack is performed when the attacker exploits a flaw in a server's DNS software. "DNS servers are generally deployed in an organisation's network to improve resolution-response performance by caching previously obtained query results. Poisoning attacks on a single DNS server can affect the users being serviced directly by the compromised server or indirectly through its downstream server(s), if applicable," he remarked.
If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching incorrect entries locally and will serve them to other users who make the same request.
"This technique can be used to direct users of a website to another site of the attacker's choosing. For example, an attacker can spoof the IP address DNS entries for a target website on a given DNS server and replace them with the IP address of another computer or server he controls. He then creates files on the server he controls with names matching those on the target server.
These files could contain malicious content, such as a computer worm or a computer virus. A user whose computer has referenced the poisoned DNS server would be tricked into accepting content from a non-authentic server and would unknowingly download malicious content," he said.
Therefore, those who tried to visit the affected websites were redirected to other websites. "OCERT has already coordinated with local ISPs and has taken the necessary actions to correct the redirection of the given websites to incorrectly cached sites, and they are now working correctly," he added. OCERT is also further probing the issue with ISPs to understand the root of the problem.
A Royal Decree was issued regarding the formulation of a cyber-crime law in 2011 (Royal Decree No. 12/2011), stating the different penalties for violators.
- IMF report details the crippling economic effects of conflict in MENA
- Saudi Arabia's plastic consumption 20 times higher than global average
- VAT in Egypt: A guide to taxed and exempted goods
- Go big or go home: Expat salaries soar in Dubai
- Lebanon: Financial analysts warn of long-term economic repercussions after BLOM Bank attack
- Hackers Intercept Algerian President's Email, Vandalize Key Official Sites
- Oman Aviation Services (Oman Air) Implements Advanced Security Solution to Ensure Smooth Operations
- Done with Israel? Anonymous threatens to hack Gulf oil companies over use of US dollars
- Recognizing potential: MENA cyber-security market crosses $25 billion mark
- White House Website Attacked by Chinese Hackers