Sunday, February 10, 2013

Pak web domain .pk remains vulnerable to cyberattacks


PKNIC - a shared registry system that manages the .pk domain name space (DNS) for Pakistani websites - which was hacked twice in the last three months, remains vulnerable to basic-level cyberattacks. 

Though the company has thwarted the recent attack, it is still investigating the security breach, reports The Express Tribune. 

PKNIC, which hosts 23,000 users of the .pk domain, including national-level websites, was attacked this Monday after a group of hackers penetrated and defaced several websites, including those of Pakistan's famous newspapers. 
The hackers - ZombiE_KsA, Z3r0Byt3, Xploiter and Dr Freak - criticised PKNIC for being unable to fix the vulnerabilities in its DNS servers. 

This was the second successful attack on PKNIC, a private company based in California, United States. 

In November 2012, Eboz, a Turkish hacker, entered PKNIC servers, taking down about 284 websites with the .pk domain including google.com.pk. Later on, PKNIC issued a statement, claiming it had fixed the vulnerabilities and the website was secured. 

PKNIC has not mentioned what measures it is considering to protect its website from attacks in future. 

The attack on DNS is considered a very basic hacking technique in cyberworld, according to Barrister Zahid Jamil, an expert in assessing cyber crime. Jamil believes that the recent attack was the result of security flaws in the clients' own websites. 

Rafay Baloch, a professional white hat who recently bagged $10,000 in Paypal's bug bounty programme after exposing a critical vulnerability in the website, also called it a basic-level attack. 

However, he said it is believed across many online forums that PKNIC is also vulnerable to SQL injection - the most powerful cyberattack, according to Open Web Application Security Project (OWASP). OWASP is the world's largest organisation in terms of web application security and penetration testing. 

At present, there are no laws in Pakistan to govern this type of cybervandalism.

No comments:

Post a Comment