Pakistani Internet users today got slammed by an unknown hacker group that seems to be Turkish and called Eboz. The complete list of sites taken down by them is still vague. Early Saturday morning, attempts to access search engine Google.pk led to a defaced page, hours after several other sites were also taken down, which include

  • www.nic.fo/trabzonx.html
  • www.visa.com.pk
  • www.ebay.pk
  • www.google.com.pk
  • www.msn.org.pk
  • www.google.pk
  • www.hp.com.pk
  • www.apple.pk
  • www.hsbc.pk
  • www.microsoft.pk
  • www.paypal.pk
  • www.fanta.pk
  • www.coca-cola.pk
  • www.blogspot.pk
  • www.sony.pk
  • www.windows.com.pk
  • www.yahoo.pk
  • www.auda.org.au

Overall, it appears that about 300 websites in Pakistan were attacked by the group.

Those who tried to access the defaced websites from within (outside) Pakistan were usually redirected to a page with an image of two penguins walking on a bridge. A message in Turkish read (translated through Google translate):
“Eboz of a friend always there for me My homies have not shot by me with every breath”
It further added the line “Downed Pakistan” to confirm the webpage had been taken down.
At the bottom of the page, the hackers added a big question mark followed by the tag line that when translated read:
“Hello friends who are still alive, not dead!”

The root of today’s attack seems to be a breach via the Pakistan’s TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected organizations via PKNIC’s look up, it appears that all the sites are now redirecting to two nameservers, dns1.freehostia.com and dns2.freehostia.com.

Update: It seems that Google.com.pk has been finally restored and the nameservers are again pointing to dns.google.com.pk. Others are still trying plug the hole.

Do share your opinion.