They came in like a wrecking ball —

Craigslist DNS hijacked, redirected at infamous “prank” site for hours [Updated]

Craigslist CEO: domain registrar was compromised, sending traffic to “various sites.”

Many Craigslist visitors found themselves here—before their traffic brought the board down.

Around 5:00pm PST on November 23, the Domain Name System (DNS) records for at least some of the sites hosted by the online classified ad and discussion service Craigslist were hijacked. At least some Craigslist visitors found their Web requests redirected toward an underground Web forum previously associated with selling stolen celebrity photos and other malicious activities.

In a blog post, Craigslist CEO Jim Buckmaster said that the DNS records for Craigslist sites were altered to direct incoming traffic to what he characterized as “various non-craigslist sites.” The account was restored, and while the DNS records have been corrected at the registrar, some DNS servers were still redirecting traffic to other servers as late as this afternoon.

Craigslist's domain registrar is Network Solutions, which is owned by Web.com. [Update, 5:32 PM EST November 24: John Herbkersman, a spokesperson for Web.com, told Ars, “The issue has been resolved. At this time we are continuing to investigate the incident.”]

One site that appeared to receive most of the traffic destined for Craigslist was “Digital Gangster,” an invitation-only Web board owned by rapper and hacker Bryce Case, Jr.—also known as YTCracker. Case gained notoriety in 1999 for hacking into the network of NASA's Goddard Space Flight Center.

DigitalGangster.com advertises itself as being “dedicated to nothing in particular other than being important. It is responsible for millions of dollars in commerce and millions of terrible pranks on the Internet. Be warned: kids have been born as a result of posting here (seriously).” Among other things, members of the site were accused of involvement in the posting of images stolen from Miley Cyrus’ e-mail in 2008.

The forum site now appears to be down as a result of the additional traffic sent its way, which may have been intended as a denial of service attack against the forum. [Update: As of 4:27 PM ET, the site is back up, with errant traffic redirected to another site.] The site has been the target of previous denial of service and defacement attacks. Via Twitter, YTCracker told Ars that "this was a joe job anyway so i just redirected it to my video. I think Obama is behind it."

This story was updated on November 24 at 4:27 PM EST with details provided by Bryce Case, Jr.
