Romanian websites for Google, Microsoft, Yahoo, PayPal, and other operators were briefly redirected to a rogue server on Wednesday. The redirect is most likely a result of a decade-old hacking technique that underscores the fragility of the Internet's routing system.

For a span of one to several hours on Wednesday morning, people typing Google.ro, Yahoo.ro, and Romanian-specific addresses for other sites connected to a website that was purportedly run by an Algerian hacker, according to numerous security blog posts, including this one from Kaspersky Lab. Researchers said the most likely explanation for the redirection is a technique known as DNS poisoning, in which domain name system routing tables are tampered with, causing domain names to resolve to incorrect IP addresses.

DNS poisoning first came to light in the mid-1990s when researchers discovered that attackers could inject spoofed IP addresses into the DNS resolvers belonging to Internet service providers and large organizations. The servers would store the incorrect information for hours or days at a time, allowing the attack to send large numbers of end users to websites that install malware or masquerade as banks or other trusted destinations. Over the years, DNS server software has been updated to make it more resistant to the hack, most recently in 2008, when numerous providers introduced fixes to patch a DNS cache poisoning vulnerability discovered by researcher Dan Kaminsky.

It's not clear how Wednesday's attack was carried out, although researchers are speculating it involved the compromise of systems operated by the RoTLD (short for the Romanian Top Level Domain Registrar). A Google spokesman wrote in an e-mail to Ars that after becoming aware of the redirection, company officials were "in contact with the organization responsible for managing domain names in Romania." Besides Google.ro, Microsoft.ro, Yahoo.ro, PayPal.ro, other sites affected included Kaspersky.ro, Windows.ro, and Hotmail.ro, according to Kaspersky.

Wednesday's incident appears to be one of several regional DNS attacks perpetrated in recent weeks. Last weekend the operators of Pakistan's shared registry system said a vulnerability in one of its systems caused several website addresses to be redirected for a few hours. Last month, Ireland's domain registry suffered an "unauthorized intrusion into the company’s systems" that affected DNS records for Google.ie and Yahoo.ie. The attack exploited vulnerabilities in the company's configuration of the Joomla content management system to upload malicious code that caused unauthorized DNS changes. DNS attacks have also hit Israel, according to a blog post from Bitdefender Labs, which didn't elaborate.

Kaspersky Lab Senior Security Researcher Stefan Tanase said Wednesday's attack could have been much worse. So far, all reports indicate visitors were redirected to a page that did little more than brag of the exploit and recognize fellow hackers. "Imagine how many accounts could have been compromised this morning if these websites were redirected to a phishing page, instead of a defacement page," he wrote.