Surprisingly enough, Google Pakistan’s home page (google.com.pk) has been “hacked” by Turkish hackers, who put up a message that doesn’t make much sense when read in translation. One phrase in English says “Pakistan Downed”, which is surprising coming from a friendly country like Turkey. Well, hackers will be hackers.
Upon investigating a bit, I realized it’s not Google’s servers/data centres that have been compromised. Rather, it’s an infiltration of the database of PKNIC, the official domain name registrar for Pakistan’s ccTLD .PK domains. The conclusion was quick to make, as the WHOIS record of google.com.pk points to some free hosting service as the DNS provider, which obviously can’t be Google.
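The WHOIS check described above can be automated as a delegation monitor. This is an added example, not code from the original post: the WHOIS text is constructed sample data, the field labels are assumed rather than taken from PKNIC's real output, and `freehost.example` is a placeholder for the free hosting service.

```python
import re

# Constructed WHOIS-style samples (not real PKNIC output; field labels assumed).
SAMPLE_WHOIS_HIJACKED = """\
Domain: google.com.pk
Nameserver: ns1.freehost.example
Nameserver: NS2.FreeHost.example.
"""

SAMPLE_WHOIS_EXPECTED = """\
Domain: google.com.pk
Name Server: ns1.google.com
Name Server: ns2.google.com.
"""

# Accept the common label spellings: "Nameserver", "Name Server", "nserver".
NS_LINE = re.compile(r"^\s*(?:name\s*server|nserver)s?\s*:\s*(\S+)", re.I | re.M)


def extract_nameservers(whois_text):
    """Return normalized (lowercase, no trailing dot) nameserver hostnames."""
    return sorted({m.rstrip(".").lower() for m in NS_LINE.findall(whois_text)})


def under_zone(host, zone):
    """True if host equals zone or is a subdomain of it (label-boundary match)."""
    zone = zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)


def audit_delegation(whois_text, trusted_zones):
    """Flag listed nameservers that fall outside the owner's trusted DNS zones."""
    servers = extract_nameservers(whois_text)
    unexpected = [h for h in servers
                  if not any(under_zone(h, z) for z in trusted_zones)]
    return {
        "nameservers": servers,
        "unexpected": unexpected,
        # An empty nameserver list is treated as an alert, not as a pass.
        "alert": bool(unexpected) or not servers,
    }


if __name__ == "__main__":
    for label, text in (("hijacked", SAMPLE_WHOIS_HIJACKED),
                        ("expected", SAMPLE_WHOIS_EXPECTED)):
        print(label, audit_delegation(text, ["google.com"]))
```

Run on a schedule against the registry's WHOIS or the parent zone's NS answer, a check like this surfaces a registrar-level change even when the owner's own servers are untouched.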
It is still unclear how the hackers managed to get into the user console of PKNIC. I am also unsure whether the password has been compromised or not. If access to the user console is lost, it could take until Monday to retrieve it, because as far as I know PKNIC offices are closed on weekends, especially this one, which coincides with the public holidays of Ashoora. Not to mention the registrar works slowly and requires a lot of paperwork for verification etc.
Even if Google Pakistan’s domain manager manages to regain control and updates the DNS settings to the correct ones, it could still be several hours before the change propagates and Google Pakistan’s home page is restored.
P.S. A weirdly cool song runs in the background of the defaced page = )
Update 1: Microsoft.pk is also among the defaced websites, hacked using the same technique by the same hackers. The compromised PKNIC accounts are apparently managed by MarkMonitor Inc, an American brand protection company. It’s been more than two hours and DNS is still NOT fixed. Seems like my prediction’s right.
Update 2: After around 18 hours, Google.com.pk’s DNS settings in PKNIC’s database have been restored and the website has started coming back gradually. It might still take several hours for some visitors to access, because DNS propagation takes time.