Syrian Electronic Army hacks Qatar sites
The Syrian Electronic Army, an invisible group of internet hackers who are known to back Syrian President Bashar al-Assad, has hacked a host of Qatari websites early on Saturday morning.
The group posted on its Twitter account, links to websites with the .qa domain that were hit - these include moi.gov.qa, facebook.qa, gov.qa, vodafone.qa, aljazeera.net.qa, google.com.qa, ooredoo.com.qa, diwan.gov.qa and mofa.gov.qa
At first, the websites were directed to a page that included a picture of Assad and the groups logo.
#SEA #SyrianElectronicArmy pic.twitter.com/ROxNcuzeQp
— SyrianElectronicArmy (@Official_SEA16) October 19, 2013
A short while later, the websites were all redirected to generic hosting company pages, but the SEA did share some screenshots of the hacked sites as well.
Did you see any hacked websites?
@gene_lv: America just kept quit bcoz their image is already spoiled after WTC, afghan and Iraq attack for own purpose. why didn't they entered in Burma when Buddhist killed many muslims If they are true freedom fighters or democratic?
Very good. Who support terrorists, deserve that kind of action. Long live President Assad.
hope Qatar government take strict action these hackers
exactly dns would create horrible scenario, where exact page replica can take easily all your info ! luckily they didnt do this and users won't be able to track this easily, however i checked they had this 'stats counter' installed on the redirected page !
This is either .QA Authority DNS server or Qtel/OOredoo DNS server that was attacked. But when this happened, I switched on my US VPN service and was able to access www.google.com.qa. So most likely its Qtel DNS server's were the one affected. Scary if they create a website that looks like the original to harvest username and password (man in the middle attacked).
CeMeNoMore is right. It does appear that .qa registry was compromised which would redirect the sites.
What a wicked smile he has. Just wondering was that smile from the good times or the difficult times that he has been going through lately
Donot worry too much ......
now working google.com.qa.. Thanks,
you can browse throw this link google.co.in
only sub domains of the .qa name server where affected (qnb.com.qa, moi.gov.qa, etc..) but all .qa domain names like qp.qa are still working fine, which means that they managed to make the .qa domain name accept wrong replies for dns queries he sends. It will take approximately 24 hours for the correct A records to be propagate again..
And yes DNSSEC should prevent these types of attacks because the answers are digitally signed which provides authentication to queries making sure they are coming from the correct server.
People that support Assad are like him, mentally deranged and worth killing like him...and I wonder where America is in there struggle towards democracy and Freedom.
how about having dnssec.
Try google.co.in to search..
what about qatarliving.com?
Yup, A records got modified, they are being propagated to all dns servers from root server ! qtel has the ns records i guess
You Guys don't have to worry about any Private, Personally Identifiable or Credit card information.
It's a DNS Poisoning attack. Basically they redirected all traffic to a free web hosting sites in USA where you can see the above pictures. and because the free services has limited resources you get the CPU limit exceeded message.
Bottom line is that the original sites remains untouched and your information are safe.
its a ddos+defacing attempt, almost all index pages were defaced..they must have hosted websites with limited subscription !
I am getting the excess CPU limit on the QNB website too, seems like a pretty big hit!
It's a DNS Poisoning attack.. They managed to change the IP addresses of the websites in the Global DNS and redirected all traffic to a free web hosting site (000webhost.com), where they published the alternate web pages, but the original sites remains un touched and all information remains safe, so you don't have to worry about credit cards or any Personally Identifiable Information (PII) that might be stored there.....
It's a DNS Poisoning attack.. They managed to change the IP addresses of the websites in the Global DNS and redirected all traffic to a free web hosting site (000webhost.com), where they published the alternate web pages, but the original sites remains un touched and all information remains safe, so you don't have to worry about credit cards or any Personally Identifiable Information (PII) that might be stored there.....
Luckily not, ooredoo is down due to excess of CPU limit, which means it was targeted with fake requests to server too, but who knows what happened behind the scene.
Are you kidding? all of our credit cards are on ooredoo.com.qa. They can have access to that?
MOI was hit with tons of fake requests to server, which makes server so much busy and unable to respond and fails down.
Its hacked.. even google also didn' get any search results