
Rapid7’s Metasploit is the latest high-profile website to fall foul of a pro-Palestinian group of hackers, who hijacked its DNS records.

And it seems the hackers used an old-fashioned fax message to commit their crime.

Metasploit, of course, is used by security professionals around the world to test corporate security systems, and verify that vulnerabilities have been properly fixed.

The KDMS Team managed to trick Register.com, who manage the DNS records for metasploit.com, into believing that they were authorised to change them – redirecting anyone attempting to visit the Metasploit site to a different part of the net, under the hackers’ control.

In short, if you attempted to visit metasploit.com your web browser would claim that you were on metasploit.com, but what you would see on the webpage would be very different from what the site’s legitimate owners would want.

MISSION COMPLETED

HACKED

KDMS TEAM

PLAESTINIAN HACKERS

Hello Metasploit

After whatsapp , avira, alexa , avg and other sites

We was thinking about quitting hacking and disappear again ..!

But we said : there is some sites must be hacked

You are one of our targets

Therefore we are here ..

And there is another thing .. do you know Palestine?

Earlier this week, WhatsApp, AVG and Avira – whose DNS entries are managed by Network Solutions – were attacked in a very similar manner.

DNS records work like a telephone book, converting human-readable website names like metasploit.com into the numeric IP addresses that computers use to reach a site. If hackers manage to change a site’s DNS records, they can send visitors to a website that isn’t under the legitimate company’s control.
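A change of this kind shows up as a difference between the records a domain owner expects and the records resolvers actually return. The following is an added example, not part of the original article, that compares dig-style answers against a pinned baseline and goes beyond the single case described here by covering both nameserver and address records; the domain, nameserver names and addresses are constructed placeholder values.

```python
# Added example: all names and addresses below are constructed placeholders.
# Expected records for the monitored domain, pinned by its owner.
BASELINE = {
    ("example.com.", "NS"): {"ns1.registrar.example.", "ns2.registrar.example."},
    ("example.com.", "A"): {"192.0.2.10"},
    ("www.example.com.", "A"): {"192.0.2.10"},
}

# Constructed answers in the zone-file style printed by `dig +noall +answer`.
OBSERVED = """\
example.com.      172800 IN NS ns1.unknown-host.example.
example.com.      172800 IN NS ns2.unknown-host.example.
example.com.      300    IN A  198.51.100.77
www.example.com.  300    IN A  192.0.2.10
"""


def parse_answers(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue  # not a well-formed Internet-class answer line
        name, _ttl, _cls, rtype, rdata = fields
        key = (name.lower(), rtype.upper())
        records.setdefault(key, set()).add(rdata.strip().lower())
    return records


def find_drift(baseline, observed):
    """Return sorted (severity, name, type, missing, unexpected) tuples."""
    findings = []
    for (name, rtype), expected in baseline.items():
        seen = observed.get((name, rtype), set())
        if seen == expected:
            continue
        # A changed delegation moves the whole zone to other servers: rank it highest.
        severity = "critical" if rtype == "NS" else "high"
        findings.append((severity, name, rtype,
                         sorted(expected - seen), sorted(seen - expected)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_drift(BASELINE, parse_answers(OBSERVED)):
        print(finding)
```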

H D Moore, the Chief Research Officer of Rapid7 and driving force of Metasploit, has described on Twitter how the Metasploit site was hijacked:

Metasploit.com was hijacked through a spoofed change request FAXED to Register.com. Hacking like it's 1964

Social engineering triumphs for the hackers once again.

The worry is, of course, that if Register.com can be fooled so easily into allowing hackers to mess with a site’s DNS entries, the hackers could presumably do the same with *any* website using Register.com’s services.

Surely companies like Register.com and Network Solutions need to be a little wiser about the possible tricks hackers could use to mess with their customers’ web visitors?
