Today hackers were able to briefly take over the Google.lk domain, the Google’s search engine page for Sri Lanka and redirect it to bring awareness to an ongoing crisis in Sri Lanka.
To be clear the hackers did not took over the Google.lk domain by hacking Google servers, but the hackers were able to somehow modify the DNS settings either by poisoning the DNS of the ISPs, or changing the DNS setting of the ISPs that is linked to the Google.lk domain name.
The NIC.lk is responsible for maintaining the DNS settings for the .LK websites, .LK is the country specific domain on Sri Lanka.
And it seems for a brief period of time all the ping requests to Google.lk were redirected to an IP address maintained by Digital Ocean, probably an IP address that is linked to a droplet.
The hackers were using this opportunity to bring awareness to an ongoing crisis in Sri Lanka.
Sri Lanka is an exporter of one of the world’s finest tea (Ceylon Tea), however estate workers who work on these estates only make a daily wage of around 4 USD.
The estate workers have been fighting to increase their daily wage to at least $5 for nearly half a decade, however, there is disagreement with the government and the estate owners in providing a daily minimum wage of $5 USD.
Protests are being carried out at estates around the country demanding the minimum wage to be raised to $5 USD per day. And for a brief moment, hackers were able to become activists on the internet.
The page was titled “Is this really freedom?”
Really Freedom?Google.lk briefly displayed this on their webpage as hackers took over the domain name.
Tea estate Workers’ lives dark as the tea kettle. Still, they are fighting for their 1000(approx 5$ per day) Rupess salary for the last several years. But 1000 Rupees also not enough at this time. Heartless politicians and the companies are not even agreeing to pay at least 1000 per day.
We don’t want racismThe hackers also had this to say, does this mean we can expect more cyber attacks in the future?
We want clean government. If you can’t make it, youngsters will clean you. You can’t cheat anymore!
The authority maintaining the .LK domains, NIC.LK also admitted an issue has been raised regarding some LK domain names, and that they are investigating the situation.
Not the first time
This is not the first time where hackers were able to exploit the .LK domain registry. In January 2013, hackers dumped personal details of all the .LK domain owners.
I even wrote about the hack on my 2013 Tumblr blog.
I’m sure the government will look into this, and we might be able to find out who did this, and how they did it in the coming days.
Sri Lanka has to really think hard about their cyber security, even though startups tend to be more secure, the government websites and services are more hit and miss.
Back in November I was able to gain access to the now fixed COVID Tracking system. The developers fixed the vulnerability after I informed them about it.
You can see an archived page of how the Google.lk domain looked like here – https://web.archive.org/web/20210206170930/http://webcache.googleusercontent.com/search?q=cache%3AKRj1n10CSccJ%3Awww.google.lk%2F+&cd=2&hl=en&ct=clnk&gl=lk&client=safari