NEWS FROM THE LAB - Thursday, March 20, 2008

Formula 1 Racing and Computer Security
Posted by Mikko @ 08:36 GMT

Let's see. There are fourteen hours to go before the next Formula 1 Grand Prix starts at the Sepang circuit in Kuala Lumpur, Malaysia — not too far away from our Malaysian research lab. Will it be Räikkönen, Kovalainen, or Rosberg winning this time?

This was the question on the mind of one of our engineers when he tried to access the official home page of the Malaysian Grand Prix today. Instead of the latest news on the heroic efforts of the Finnish F1 drivers, he got a picture of a box of laundry detergent:


It seems that somebody defaced the official home page, just hours before the race starts.

Interestingly, the web server itself doesn't seem to be affected. It's running just fine at its original IP address:


What's going on here is that some clown managed to modify the DNS information of the domain malaysiangp.com.my.

Malaysiangp.com.my has nameservers under five different providers:


Some of them point to the original, real site:


…and some of them point to the defacement page, being hosted at a free hosting service at oxyhostsfree.com:


This change happened just hours ago — perhaps by the hacker guessing a password for the DNS management system or by using social engineering to get a provider to change the DNS IP address.

Well, at least this defacement just changed the front page. There were no exploits or malware on the site. That would have been really bad, as this site must be getting tons of traffic right now.
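
The split described above, where some authoritative nameservers return the real address and others return the defacement host, can be detected by asking each nameserver directly and comparing the answers. The following is an added example, not part of the original post; the function names, the documentation-range IPs and the constructed sample reply are assumptions for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """A-record query with RD=0, so the server answers only from its own zone data."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Collect the IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record
            ips.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return frozenset(ips)

def query_ns(ns_ip, name, timeout=3.0):
    """Ask one authoritative server directly over UDP (live lookup, needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (ns_ip, 53))
        return parse_a_records(s.recv(512))

def group_by_answer(answers):
    """Map each distinct answer set to the nameservers that returned it."""
    groups = {}
    for ns, ips in sorted(answers.items()):
        groups.setdefault(ips, []).append(ns)
    return groups

def constructed_response(name, ip):
    """Constructed sample reply: AA set, one A record, name compressed to offset 12."""
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + build_query(name)[12:] + rr
```

Feed `group_by_answer` a dict of `{nameserver: query_ns(ip, domain)}` for every NS listed for the zone; more than one group means the authoritative servers disagree, which is the condition seen in this incident.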