Craigslist Domain Name Hijacked, Visitors Redirected to DigitalGangster

Craigslist, the worlds number one online classified advertisements website with sections devoted to jobs, housing, personals, for sale, items wanted, services, community, gigs, résumés, and discussion forums was hijacked on Sunday.

Visitor redirected to DigitalGangster.com

Visitors trying to access the website for weekends shopping took on to Twitter and various tech forums to confirm if they were not the only one facing the issue. Some users reported that they were directed to New York Times website while trying to access Craiglist. Other said that they were lead to third party website while clicking through Gateway, which could possibly be advertisements or an affiliate link.

It seems that Craiglist.org could not cope up with the high traffic which meant that the domain was hijacked and ttackers to redirect it to another domain DigitalGangster(.)com

Looking at the whois Records of the Domain for Craigslist, it was last updated on Sunday with Registrant Name updated as Steven Wynhoff @LulzClerk.

Twitter had suspended the account @LulzClerk last week.

Prima facie its looks like the hijackers changed the Craiglist.org domain settings, and redirected requests for craigslist.org to the New York Times website, after going through a third party click through gateway, which could have been an affiliate link. After some time the hijackers reverted back to the Digital Gangster site, which at the time of publishing still appeared to be choking under heavy traffic.

Investigating the Name Server records:

While Investigating the last few updates on Name Servers for Craigslist we found that initially it was updated to ns02.000webhost.com and ns01.000webhost.com a free webhosting service which possibly was used as the click through Gateway to redirect visitors to the New York times.

Later the NS records were remodified to NS75.WORLDNIC.COM and NS76.WORLDNIC.COM. this has now been fixed to usual NS of Craigslist.org.

However while researching for this report, Techworm team was still redirected to DigitalGangster while trying to access Craigslist. The reason for this may be that the name server propagation can take upto 48 hours globally. Till the propagation is complete, some users may still be redirected to the DigitalGangster.com website.