The Register Hacked

First time accepted submitter rjmx writes "Looks like The Register has been hacked. Its front page has been replaced with a page in tasteful red and black, apparently by a Turkish hacker."

oh shit!

[larry bagina]

looks like the hacker retroactively stole all their credibility!

Home of the BOFH?

[AliasMarlowe]

Front page still hacked, but fairly harmlessly. Does that hacker know what sort of wasps' nest he may have poked his nose into? No doubt, we shall hear more from the BOFH [theregister.co.uk].

Re:

[flappinbooger]

"No doubt, we shall hear more from the BOFH."

What was your user name again? Ah. Ok. "Clicky Clicky."

You know, that wasn't a very nice email you just sent to the President.

Oh, and here, hold this wire.

Re:

[jhoegl]

Looks more like DNS poisoning.

Re:

[boaworm]

You were right, this was an upstreams DNS issue and not a hack on thereg itself.

Re:oh shit!

[KiloByte]

No credibility lost, it's not them who got hacked but their DNS provider.

Re:

[Sulphur]

No credibility lost, it's not them who got hacked but their DNS provider.

The Buzzard brand is safe.

Re:

[Sulphur]

The Buzzard brand is safe.

But has been rebranded as Turkey Vulture

Long live the Buzz; the Vult just sounds wrong.

Re:

[Aighearach]

"their"

Re:oh shit!

[mickwd]

Too late: his credibility is lost :D

Re:

[MrLint]

Credibility will never be the same.

Re:

[turkeyfeathers]

"stake"

Re:

[mapinguari]

No â" just missing punctuation.
So there. Credibility is lost.

Re:oh shit!

[PopeRatzo]

So there credibility is lost. The number of businesses out there who stack everything on a $10 a year relationship is just insane.

Oh, I see. I didn't realize that the problems was they hadn't spent enough money on their DNS services.

Tell me, is that a new approach to network security? You just stack up piles of currency around the DNS server and then there's nothing to worry about?

I can't think of a single reason that you shouldn't expect your DNS services to be secure, no matter how little you happen to be paying for it.

Re:oh shit!

[shentino]

Your credibility is lost when your customers say it is.

Reputation's funny that way.

Re:

[PopeRatzo]

Your credibility is lost when your customers say it is.

Since most customers only say what the marketing industry makes them think, most companies have very little to fear.

But your point is taken. Reputation is funny that way. Strange how quickly reputations can be rehabilitated when there is a sufficient marketing budget, however.

Judging from the long-form commercial I saw during one of the Sunday morning news shows today, British Petroleum is responsible for the pristine environment and smiling faces aro

Re:

[TheRaven64]

commercial I saw during one of the Sunday morning news shows today, British Petroleum

To be fair, if you're watching commercials from 1998 or earlier and expecting them to give you information about the world of today, then you're probably doing something wrong...

Re:oh shit!

[Xest]

For me they didn't have any credibility to lose. I posted a response to one of Andrew Orlowski's articles the other week replying to someone that they shouldn't be surprised to see him agreeing with Murdoch as he's always had a historically right wing viewpoint.

That evening I couldn't log in, and every post I'd ever made to The Register had been deleted.

A site whose journalists can't even handle a post made summing up their political ideology in a polite, fair, and well sourced manner is quite comical. The worst part? my post was actually accepted by their moderator and in true Andrew Orlowski style was retroactively moderated away by him a few hours later (along with the account bad, and retroactive deletion of all my posts ever) I don't think Andrew likes it when he has to face intelligent response to his articles. None of their other bloggers... er I mean "journalists" are any more intelligent, although at least the others don't throw a hissy account banning, post deleting fit when someone disagrees with them. Of course, one might argue that it was my previous posts or something that got me a ban, and to an extent that's possibly true- not that I was trolling there, but that I often only posted to correct faults in their stories, to point out potential issues with their reasoning or to offer counter-opinions to their opinion pieces, but their readership seemed to agree with me as I had over 3000 upvotes against 1000 downvotes with even many of those downvotes stemming from engage in fanboy heavy discussions and daring to criticise some pet manufacturer's actions (cell phones, consoles etc.).

Then on top of that it wouldn't be so bad if it weren't for the fact Andrew Orlowski was constantly attacking sites like Wikipedia complaining about the clique there denying dissenting responses, or his complaints about CRU refusing to be transparent and open. None of that would be a problem if it weren't for the fact he himself often outright refuses to let people comment on his articles, and the few times he does, he goes through the already moderated comments and removes those that point out, with evidence, why he is wrong. At that point it's just sheer hypocrisy and any validity in the points he has to make is lost on the fact he needs to sort out his own inability to ensure he follows the facts, and accept that sometimes he may have been wrong before criticising others on it.

It's amusing too, because all I had to do to get round their ban on my account was request a new password, so it seems they're pretty technically inept too. This was made more amusing by the fact I then really did post a few troll comments to wind them up a bit, only to be banned again, to find that yep, I could still reset my password and repeated this for a few days before it got boring. I swear their admin must've been sat their thinking "How does he keep coming back?".

As you say, credibility goes as your customers say it does. Their actions have added me to the long list of people who also believe the site is a joke. The only reason to go there is for comedy - no, not the terribly written articles - I mean BOFH. But even that seems to be rarely produced now.

Really, The Register is like the internet's version of FUD filled trash papers like News of the World, The Daily Mail and so forth. It's written for the terminally stupid, and intelligent discussion is frowned upon and crushed with an iron fist. If you don't agree with Supreme Leader Andrew Orlowski's mad rantings and often nonsensical drivel then you are wrong.

So excuse me if I lol a bit when I hear they've been hacked.

Re:

[Wowsers]

Customers don't bother to tell companies their credibility is lost, they just don't use the company any more.

Re:

[amiga3D]

At least all of it in the last 6 years. Check the copyright on the page. Nice touch.

Re:

[DoofusOfDeath]

looks like the hacker retroactively stole all their credibility!

You know, I hear lots of people go off on the Register's credibility, but I've never myself noticed a problem. Do you have any examples of what earned them that reputation?

Re:

[Xest]

See my post here:

http://news.slashdot.org/comments.pl?sid=2412564&cid=37307402 [slashdot.org]

Or enjoy reading through things like this, of which Google searches will turn up many:

http://www.edbott.com/weblog/2005/07/andrew-orlowski-is-a-hack/ [edbott.com]

http://paulfwalsh.com/why-andrew-orlowski-from-the-register-is-a-twat/ [paulfwalsh.com]

http://www.texttechnologies.com/2007/03/26/andrew-orlowski-berners-lee-spam-semantic-web/ [texttechnologies.com]

http://blogs.computerworld.com/16711/why_andrew_orlowski_is_wrong_about_net_neutrality [computerworld.com]

http://ktetch.blogspot.com/2011/05/a [blogspot.com]

Re:

[DoofusOfDeath]

Wow, thanks for putting all that effort into your answer. Much appreciated.

Why are they obligated to be fair and balanced?

[rocket rancher]

You can see this pattern with most of their staff- their articles are just often outright false. Where they're not false, they completely miss fundamental points. Where they don't miss fundamental points, they just outright lie.

So that's really why they have the reputation- they're just too agenda based. Their writers all vehemently pursue their own political agendas without care for facts, without care for reason, and worst of all- without care for the truth. That's not journalism, that's propaganda.

Hmmm. As long as the publication remains profitable, the staff should be able to write whatever the fuck they want to. You make it sound like there is some kind of obligation in the publishing business to be fair and balanced. I don't think there is. And I don't think it really matters to a discerning reader that they are calling themselves journalists when they are really just propagandists; getting all sides of a story, even the distorted side, is valuable.

Re:

[Xest]

I'm saying the media is given a position of power- it is granted, in some cases, the ability to break the law in the case of public good.

With that power should come responsibility- the responsibility to use that shield of being the media to produce factual and informative news.

Publications not doing that should not legally be allowed to class themselves as media, journalists, news sites and so forth.

For what it's worth I don't think there is any value in getting a completely false story- if there was some e

Re:

[Xest]

"The curious thing about calling someone "right wing" is that your accusation can never be wrong. Everyone is "right wing" from someone's perspective. So what information is conveyed? None. It's merely an insult, not a criticism."

You've reached an interesting conclusion, but the problem is you completely missed the point.

You assume that suggesting he was right wing was ever even meant to be a criticism, so jumping to the idea that it was an insult from that flawed premise is absurd.

No, the point of the post

Re:

[Vintermann]

The Register is so bad, it's hard to believe they're not part of Gawker.

Oops ...

[rjmx]

its, not it's. Sorry about that.

Re:

[DWMorse]

Last time accepted submitter rjmx writes

Fixed that for you... ;)

Re:

[Forty Two Tenfold]

Neither. TITS.

Re:

[WidgetGuy]

Or, maybe its like PHP. A recursive acronym. Here's an example you can run from my Dropbox [dropbox.com] account. IT'S (ha!) named (of course) "TITS". If you're using the BetterPrivacy plugin for Firefox (or something similar), you'll have to disable it or the page is blocked (I guess it doesn't like HTML files named "TITS.html" -- and BTW, BetterPrivacy, what does "TITS" have to do with my privacy?).

Here's a description of what it does (and how it does it):

function TITS(String theBigT, Number bandSize, String cu

Re:

[rjmx]

And so you should be ...

Re:

[clyde_cadiddlehopper]

Is it?

Wha

[moogied]

Copyright 2005?? What the fuck? lol

Re:

[Zaiff Urgulbunger]

Copyright 2005?? What the fuck? lol

Also, in the source I find:
<meta content="MSHTML 6.00.2900.3698" name="GENERATOR">

Re:

[Anonymous Coward]

He was uploading the packets by individual pigeon.

Unfortunately, he had to breed the pigeons himself.

HAxorS

[UnlimitedFreakOut]

website is down, cant wait to read odds and sods when its back up.... :O)

Re:

[UnlimitedFreakOut]

oh can se it now, yep, still hacked...

Re:HAxorS

[zonky]

Looks like a number of sites affected, all of them seem to be using netnames.co.uk as their registrar, looks like DNS Servers all changed.

DNS hack, some ok some down still,

[Rovastar]

Using Just-Ping to check from 50+ locations around the world only 5% have what is traditionally the correct IP (212.100.234.54 according to Netcraft) or so have the current IP most say the DNS is down.
http://just-ping.com/index.php?vh=www.theregister.co.uk&c=&s=ping [just-ping.com]!

I forced an update with Netcraft it now has a record of the another IP 68.68.20.116 with different server headers which I presume is the broken site.

http://uptime.netcraft.com/up/graph?site=www.theregister.co.uk [netcraft.com]

The hackers could have don

Re:

[Onymous Coward]

Where did you find the registrar for The Register? The whois information I get says

Registrar:
        Ascio Technologies Inc t/a Ascio Technologies inc [Tag = ASCIO]
        URL: http://www.ascio.com/

Big deal

[Anonymous Coward]

the register is shithouse anyway

Website hacked?

[Qlither]

Errr...UK here, seems all good to me...

Did i miss the hack? Kudos to the admin if i did. I was reading it not two hours before this too.

Re:

[Claws Of Doom]

As I write, the site is still defaced. It's been up and down in the last few minutes though...

Re:

[Inda]

Fine here too.

Using Virgin Media's DNS.

Their forum has nothing...

Re:

[Claws Of Doom]

With apologies to the reg's admins, I tried to get to a story I was reading earlier on, and got the following in return:

Not Found The requested URL /2011/09/02/samsung_webos_acquisition_no_not_ever/ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 Server at ww

Re:

[Anonymous Coward]

thats not theregisters.co.uk 404, they have a custom 404

what you are seeing is the result of DNS poisoning of your ISP, the 404 is from someone elses server
the actual site is fine and has NOT been hacked.
ps the real IP of the reg is 212.100.234.54

Re:

[vtcodger]

Hmmm. I see them at 72.3.246.59 where they are responding to pings. The site called up from that IP looks like the Register.. I never thought about it before, but the page information from opera and konqueror doesn't seem to tell me what the IP I'm looking at is when I feed them a URL. Probably there's a stunningly obvious way to get the IP and I just need some sleep.

Re:

[symbolset]

US here. Been on the site all day, since long before the report. Never hacked from here. Looks like DNS.

Re:

[Sarten-X]

Picture of the UPS hack [imageshack.us]

It's DNS, so not much actual harm done to the targeted servers.

(c) 2005 TurkGuvenligi

[Lord_Naikon]

Lol, why would he care about copyright? Afraid some other hacker might steal his logo?

Re:(c) 2005 TurkGuvenligi

[godrik]

If they do that would be illegal!

Re:

[hattable]

Sadly enough if they took that to a US court he would probably win.

Re:

[xenobyte]

Reminds me of this super-stupid dude who went to the police to report his 'stash' stolen. He knew who did it and the police went with the dude to the home of the thief, and bingo - there was a big bag of weed. The police then asked him to identify it, and he confirmed "yeah, that is mine!". Presto, the police arrested him for possession and the guy that took it for theft and possession... Stupid...

Site wasn't hacked, DNS was

[Anonymous Coward]

If you saw the "hacked" page, you were being routed to a different server.

Re:Site wasn't hacked, DNS was

[Rhodri Mawr]

Mod parent up. This appears to be a case of DNS cache poisoning. Notably www.reghardware.com is unaffected.

Re:

[IonOtter]

Uhmmm...actually, I kinda wish the site itself had been hacked? Knowing this makes me feel more than a little queasy...

Lessee...

Name servers:
ns1.yumurtakabugu.com
ns2.yumurtakabugu.com

C:\Users\ionotter>ping www.theregister.co.uk

Pinging theregister.co.uk [68.68.20.116] with 32 bytes of data:
Reply from 68.68.20.116: bytes=32 time=99ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41
Reply from 68.68.20.116: bytes=32 time=90ms TTL=41

Ping statistics fo

Re:

[Angostura]

Not resolving here using VirginMedia in East London, currently.

Re:

[owlstead]

Poor buggers, their own site forwards you to www.theregister.co.uk :) So even entering the IP address won't work. If it is forwarding me, I think the server is still happily serving requests, to no avail. Yup, changing the hosts file has the wanted result all right.

Oh, and I've seen very few articles from the reg during Sunday, so they might be waiting for the work week to begin, sleeping off their weekend beers.

Still Hacked...

[IonOtter]

As of 2025 GMT, I'm still seeing the "hacked" page. Since I haven't specifically been to El Reg in over a week, I'm not seeing a cached copy.

As for the "hack"?

Wow. Going to be a very interesting read come Monday morning?

Re:

[LordLimecat]

Its a DNS hack with a 24 hr TTL. Might take a while for service to resume. (Though I think Google DNS ignores TTL, so that might be fixed sooner than others).

Re:

[flimflammer]

They must have done a number on that DNS server to keep it in this state for 14 years.

Re:

[JWSmythe]

    Nah, it's probably that new metric time. So roughly at 2025.2472500. :)

Re:

[KingAlanI]

24 hour clock: 2025 = 8:25 PM

Re:

[rapiddescent]

24 hr clock (GMT), but the UK is 1 hour ahead (BST) so it was probably 2125Hrs (9.25pm)

UPS.com too

[madsci1016]

People are complain on twitter about him taking down UPS.com too. I only get a DNS error from them. This has to be a DNS hack.

Re:

[datapharmer]

your dns just hasn't been refreshed either by you or your provider - the issue is actually with the whois record being updated so the authoritative nameservers are set to ns1.yumurtakabugu.com and ns2.yumurtakabugu.com. As a result this can take a while to finish propagating and can take a while to fix!

ups.com acer.com vodafone.com ...

[nicesecurity]

Check http://www.zone-h.org/archive/notifier=TurkguvenLigi.info [zone-h.org] From the cache of http://www.theregister.co.uk/2011/08/12/mckinnon_website_defaced/ [theregister.co.uk] "TurkGuvenligi is a serial website defacer whose previous victims include Secunia. An archive of his work can be found here [3]. Defacers typically use search engines to search for vulnerable sites before setting on victims and uploading digital graffiti on these sites. Such hacks, by themselves, are normally trivial and seldom expose more sensitive systems."

Re:

[nicesecurity]

DNS hack. This is why it doesn't appear for everybody.. yet. Check their whois, they STILL all have these DNS: Domain servers in listed order: ns1.yumurtakabugu.com (NSYUMURT1119540) ns2.yumurtakabugu.com (NSYUMURT1119541)

Corrections

[Artem S. Tashkinov]

If cannot live without The Register, put into your hosts file

Linux: /etc/hosts
Windows: C:\windows\system32\drivers\etc\host

these two lines:

72.3.246.59 theregister.co.uk
72.3.246.59 www.theregister.co.uk

And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

Re:Corrections

[NickFortune]

And the summary of the article is apparently wrong, someone stole/hacked into TheRegister DNS zone, TheRegister www servers are intact.

... which is actually kind of cool, seeing as how the Slashdot Effect seems to be wreaking it's usual havoc on the hacker's servers.

Every now and then, reality self-organises in the direction of justice.

Re:

[dudpixel]

Even without slashdot, I imagine the Reg gets a fair amount of traffic.

I wonder if the hacker realised just how much...

You wanna impersonate them? here, have their traffic...see how your servers cope. Who pays for the bandwidth in this case?

Re:

[Bert64]

Someone else, i imagine the hackers are using another hacked server to host the defacement.

Re:

[SameRepeatedSQL]

I'm honestly not trolling here, but has anyone else stopped reading the register as much these days? They really seem to be sinking to tabloid levels, and their editorial line has jumped sharply to the right. Even BOFH just seems to be rinsing and repeating the same old formula. Maybe it's just me ...

meta content="MSHTML 6.00.2900.3698" name="GENERA

[aembleton]

theregister.co.uk seems to be down but the same group has cracked ups.com and the source shows that they used a Microsoft product.

There you are, Microsoft aid crackers.

/sarcasm

wtf is a yumurtakabugu?

[sgt scrub]

host -t NS theregister.co.uk
theregister.co.uk name server ns2.yumurtakabugu.com.
theregister.co.uk name server ns3.yumurtakabugu.com.
theregister.co.uk name server ns1.yumurtakabugu.com.
theregister.co.uk name server ns4.yumurtakabugu.com.

Re:wtf is a yumurtakabugu?

[nomad63]

it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...
On the technical side, I think if you are clever enough to come to /., you can check with any whois gateway to see who yumurtakabugu.com it belongs to. But I bet dollars to your pocket lint that, it is also a hacked site.

Re:

[93 Escort Wagon]

it means egg shell for the uninitiated ... I happen to be bilingual :) In Turkish and English...

Okay, WHERE WERE YOU when The Register's DNS provider was hacked?

Gateworld.net too

[Barryke]

Gateworld.net is down too. FYI:

NS1.DNSPARK.NET
NS2.DNSPARK.NET
NS3.DNSPARK.NET
NS4.DNSPARK.NET
NS5.DNSPARK.NET

Also, i do not see what good is in slashdotting them at this time.

DNS Hack

[Bert64]

Several sites, including the register and ups.com were redirected by DNS to a defacement page...

A list of the sites is at:
http://www.zone-h.org/archive/notifier=TurkguvenLigi.info/page=1 [zone-h.org]

It does not seem to be a DNS poisoning, since the whois servers also reported the hacker's dns servers.

Also zone-h reports that the site was running Linux, but it is clearly whatever server the hackers redirected the DNS to that runs linux, it was not necessarily a linux system that was breached in order to actually carry ou

Re:

[WoOS]

Hmm, seems to be a bit more complicated. At least in the vodafone net itself (DSL from Arcor/Vodafone).

--- snip ---
$ nslookup
> set type=ns
> theregister.co.uk
Server: 192.168.0.1 [The nameserver on the DSL router which forwards to vodafones DNS servers]
Address: 192.168.0.1#53

Non-authoritative answer:
theregister.co.uk nameserver = ns3.theregister.co.uk.
theregister.co.uk nameserver = ns4.theregister.co.uk.
theregister.co.uk nameserver = ns2.theregister.co.uk.
theregister.co.uk nameser

And....

[bernywork]

Their back..

Looks like they have got themselves sorted again.

Re:

[DrBoumBoum]

Their back, there wolf, why are you talking that way?

Re:

[Kittenman]

They're back... just continuing a theme.

Re:

[mr100percent]

Kittenman? Are you a kitten with the muscle structure of a man? Or a man with soft body and spirit of a kitten? .

Re:

[Anonymous Coward]

They're. For the love of all that is holy "they're back"

Testrun?

[WoOS]

1) Get some SSL keys [slashdot.org]

2) Redirect the DNS Servers

3) Profit!

Re:

[LordLimecat]

Once the DNS is redirected, you can get Godaddy to get you an SSL cert in about 1 hour. Just need access to create a txt record or modify your webpage, which shouldnt be a big deal, and since the entire thing is automated I dont think youd have any issues.

thats what they get for...

[FudRucker]

biting the hand that feeds it, (pun intended)

World hacking day

[mustPushCart]

The seem to have declared it 'world hacking day'. I wouldn't mind a world hacking day where everyone tries to attack websites. That way at least companies will pull up their pants once a year and it will be 'open season' on sites with crappy security. Could help.

Another one...

[Robert Zenz]

h4ck1n9 is not a cr1m3

Can somebody please shut the freaking script-kiddie who thinks he's cool up? I mean seriously...it's going on my nerves that those guys are called hackers. I mean, I'm not a hacker, not even close...hell, I'm not even a network coder because I suck at it...but I respect the real hacker community enough to exclude those guys from them.

Re:Slashdot needs to be hacked with Goatse.

[Kiaser Zohsay]

The last hacker only hacked it with OMG ponies.

Next April 1st, slashdot announces that it will accept image tags in comments. However, in preview mode all linked images will be changed to goatse. After submitting all images will be changed to Bart writing on a chalkboard "I will not post goatse images".

Re:

[Gonoff]

What looks wrong with that?

I came to /. from there it was working fine. Not hacked or slashdotted. (Using OpenDNS)

Re:

[Dunbal]

Nah, Hollywood is just not interested in having their boys - sorry, the FBI- do something about this. There's no movies involved.

Re:

[St.Creed]

In that case, we just witnessed an eclipse :)

Re:

[Spad]

Not really. It's a pretty decent news site with a horrible tabloid editorial slant.

When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.

Re:

[westlake]

It's a pretty decent news site with a horrible tabloid editorial slant.
When they're publishing press releases or writing humour, they're fine, but their opinion pieces & editorials are more often than not sensationalist nonsense.

"News for nerds," eh?

Re:

[spatley]

I know we all get it. A hacker is not a criminal, a hacker is one who likes to tinker and break new ground by using tools for things other than they were intended. Kevin Mitnick was not a hacker, Nikola Tesla was a hacker. I agree the distinction is important. But guess what, we lost that fight.

The best thing we can do today is to come up with another word that means what hacker used to mean.

How about bit wrangler? Or just come up with something yourself and start using it and let the best jargon win.

Re:

[unitron]

Just because you're paranoid, doesn't mean they're not out to get you.

It IS very timely, isn't it? And large scale, with no apparent profitable return for the (apparent) perps - no spyware, no stolen user data, BUT it changes our perception of Turkey in a way which suits Israel very nicely, doesn't it?

(I'm not usually known for speaking out in defense of Israel's actions and intentions, but...)

Oh yes, I used to think that Turkey was a branch office of heaven, but now that I know (or have been tricked into believing) that out of the millions of Turks, one is an evil haxor, I'm instantaneously, irrevocably convinced that the entire country is in league with the devil.

Sheeesh!

Re:

[ledow]

That is, of course, assuming you've not done the DNS lookup after the attack, that the IP never changes, that they aren't running a DNS load-balanced setup, that they aren't running virtual HTTP servers (where an IP doesn't tell you which of the million-and-one websites that IP hosts that you actually want), etc.

DNS is there for a reason. It shouldn't be possible to arbitrarily change the DNS details for a domain you don't own - for a start, it means you can receive all their email or, worse, really mess w