Romanian websites for Google, Microsoft, Yahoo, PayPal, and other operators were briefly redirected to a rogue server on Wednesday. The redirect is most likely a result of a decade-old hacking technique that underscores the fragility of the Internet's routing system.
For a span of one to several hours on Wednesday morning, people typing Google.ro, Yahoo.ro, and Romanian-specific addresses for other sites connected to a website that was purportedly run by an Algerian hacker, according to numerous security blog posts, including this one from Kaspersky Lab. Researchers said the most likely explanation for the redirection is a technique known as DNS poisoning, in which domain name system routing tables are tampered with, causing domain names to resolve to incorrect IP addresses.
DNS poisoning first came to light in the mid-1990s when researchers discovered that attackers could inject spoofed IP addresses into the DNS resolvers belonging to Internet service providers and large organizations. The servers would store the incorrect information for hours or days at a time, allowing the attack to send large numbers of end users to websites that install malware or masquerade as banks or other trusted destinations. Over the years, DNS server software has been updated to make it more resistant to the hack, most recently in 2008, when numerous providers introduced fixes to patch a DNS cache poisoning vulnerability discovered by researcher Dan Kaminsky.