It was a field day for hackers as Google's Oman domain (http://www.google.com.om ) was defaced yesterday by Moroccan-based fraudsters, said Rahul Bhavsar, CEO of Gulf Infotech . Gulf Infotech is the Google enterprise partner for Middle East and North Africa (MENA) region.In an e-mail interview, Eng. Badar Ali Al Salehi, Director of the Oman National Computer Emergency Response Team (CERT ), pointed out that five organisations, including Google.com.om and Hsbc.com.om, had come under attack yesterday. "This is not a case of website hacking or website defacement; these websites were not really hacked. Rather, it is an example of a Domain Name System (DNS) cache poisoning type of attack," he stated.Bhavsar, however, noted that nothing had been compromised, following the attacks."Customers and the users (of these websites) have nothing to worry about," he clarified.
In a statement mailed to Times of Oman, HSBC Bank Oman SAOG confirmed that on the morning of April 21, 2013, access to its website, www.hsbc.co.om , had been temporarily disrupted as a result of a "cyber attack ".Several other websites in Oman that use the same Internet service provider (ISP) faced similar disruptions. HSBC Bank Oman would like to reassure its customers that there was no security breach of any kind to either the personal or business Internet banking platforms, which are protected by very robust security standards to prevent any unauthorised access to customer data. We use leading technologies such as (but not limited to) 128-bit VeriSign secure socket layer data encryption, firewalls, and server authentication to safeguard our customers' data. "The systems were quickly recovered, and we would like to apologise to customers for any inconvenience they may have experienced," it explained.According to Al Salehi, a cache poisoning attack is performed when the attacker exploits a flaw in a server's DNS software. "DNS servers are generally deployed in an organisation's network to improve resolution-response performance by caching previously obtained query results. Poisoning attacks on a single DNS server can affect the users being serviced directly by the compromised server or indirectly through its downstream server(s), if applicable," he remarked.If the server does not correctly validate DNS responses to ensure that they are from an authoritative source, the server will end up caching incorrect entries locally and will serve them to other users who make the same request. "This technique can be used to direct users of a website to another site of the attacker's choosing. For example, an attacker can spoof the IP address DNS entries for a target website on a given DNS server and replace them with the IP address of another computer or server he controls. He then creates files on the server he controls with names matching those on the target server. These files could contain malicious content, such as a computer worm or a computer virus. A user whose computer has referenced the poisoned DNS server would be tricked into accepting content from a non-authentic server and would unknowingly download malicious content," he said.Therefore, those who tried to visit the affected websites were redirected to other websites. "OCERT has already coordinated with local ISPs and has taken the necessary actions to correct the redirection of the given websites to incorrectly cached sites, and they are now working correctly," he added. OCERT is also further probing the issue with ISPs to understand the root of the problem.A Royal Decree was issued regarding the formulation of a cyber-crime law in 2011 (Royal Decree No. 12/2011), stating the different penalties for violators.