Al-Jazeera domain hijacked

The bad news continued on Thursday for Arab satellite television network Al-Jazeera. A hacker hijacked the network's domain, www.aljazeera.net, pointing visitors to another site that displayed a pro-war message.

Administrators at Al-Jazeera became aware of the problem late Thursday morning, Greenwich Mean Time (GMT), after being contacted by the European company that hosts the network's Web page, according to Salah AlSeddiqi, IT manager at Al-Jazeera in Doha, Qatar.

Traffic to Al-Jazeera's servers at the Europe hosting site had stopped, AlSeddiqi was told.

"They wanted to know if I had changed something. I told them I hadn't," AlSeddiqi said.

When he tried to visit Al-Jazeera's Web site, AlSeddiqi noticed that traffic was being directed to a different site, http://members.networld.com/freedom2003/Index.sb, that displayed a pro-war message.

AlSeddiqi also attempted to log on to the administrative interface for the domain, only to find that the password for the administrative account had been changed, locking him out, he said.

"It seems somebody has hijacked the domain," said Martijn Mooijman, a security specialist at security company Organisatie Beveiliging IT BV (OBIT) in The Hague, Netherlands.

The aljazeera.net domain is managed by Network Solutions, a domain name registration service owned by VeriSign Inc.

Al-Jazeera staff worked with Network Solutions to restore ownership to the network and point the domain to Al-Jazeera's Web servers. By Thursday evening ownership of the aljazeera.net domain was returned to the network.

VeriSign did not respond to requests for comment.

Some Web surfers could still access the site for the Qatar-based satellite news station on Thursday, even though the domain seemed to be hijacked.

That is not surprising, said Mooijman, who early evening on Thursday, GMT, could also access the Arabic Al-Jazeera site.

"It is normal that some people still see the original page, while others see the hijacker's page. It takes about 24 hours before all the DNS servers in the world are updated," he said. As a consequence, restoring aljazeera.net after the hijacking will also take about 24 hours, he added.

No information was available on how the domain was hijacked.

"Our first concern is to get the domain restored and then we'll focus on how it happened," AlSeddiqi said.

The site to which visitors were directed belonged to NetWORLD Connections Inc., a Salt Lake City, Internet service provider.

NetWORLD staff detected the defaced page Thursday morning after noticing a spike in traffic to its Web servers, as visitors to aljazeera.net were directed to NetWORLD's servers, according to Ken Bowman, president and CEO of NetWORLD.

The defaced page was in an area of his company's Web site that allows individuals to post Web pages for free. The site is commonly used to host family Web pages, he said.

While NetWORLD requires users to register with the company before posting pages on the site, the company does not corroborate the registration information.

In the case of the defaced page, the registration information that was provided was "fictitious," according to Bowman.

NetWORLD staff removed the defaced page at 4:30 p.m. GMT on Thursday, and had no information on who may have posted the page, he said.

For AlSeddiqi, the domain hijacking is just the latest in a series of attacks since the beginning of the war between the U.S. and Iraq.

The network's Web sites have been crippled by distributed denial of service attacks, which began shortly after the network posted pictures of U.S. soldiers who had been captured by Iraq.

Al-Jazeera was hoping to have traffic flowing back to its Web servers by Thursday evening, but remained concerned about the possibility of further attacks from hackers who were sympathetic with the U.S. and hostile to Al-Jazeera's sometimes critical coverage of the U.S.-led attacks on Iraq.

"Its been a very hard week. We get out from one problem and we run into another," AlSeddiqi said. "We don't know what they're going to do next."

More about: Greenwich Mean Time, VeriSign

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/149/dropbox/

Dropbox

Dropbox is a sharing tool that allows you to synchronize your documents, as well share files with others. It automatically uploads the files to the ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia