Domain hijacking can be done in several ways, generally by social engineering. The most common tactic used by a domain hijacker is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar to modify the registration information and/or transfer the domain to another registrar. (This is another form of identity theft.) Once this has been done, the hijacker has full control of the domain: they can change its DNS records to point to a server of their own, or sell the domain.
In this case the DNS records were changed to forward to farahatz.net when google.ie or yahoo.ie were entered into a web browser or search engine. The Irish Domain Registry released an official statement stating:
“As you may be aware, there was a security incident on Tuesday 9th October, involving two high profile .ie domains that has warranted further investigation and some precautionary actions on the part of the IEDR.
There was an unauthorised access to a Registrar’s account which resulted in the change to the DNS nameserver records for the two .ie domains.
The IEDR worked with the Registrar to ensure that the nameserver records were reset and corrected promptly. Simultaneously, the IEDR commenced an investigation and analysis, with the assistance of external security experts.
Based on the results of the investigation and the recommendation of security experts, the IEDR has temporarily brought external web-based systems off-line in order to perform additional analysis.”
Serious questions are being raised about how this breach occurred, but nothing has been confirmed; it's all speculation. Other high-profile sites that are part of this domain registry, like eBay, Microsoft, Yahoo and PayPal, are not affected. http://www.iedr.ie is down and I believe will stay down until they find out the complete and real cause of the breach.
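The change in this incident was to nameserver (NS) records, so one defensive check a domain owner can run is to compare the NS set a domain currently returns against a reviewed baseline. The following is an added example, not part of the original post or any IEDR tooling; every domain and nameserver name in it is constructed sample data.

```python
# Added example: compare observed NS delegations with a reviewed baseline.
# All domain and nameserver names below are constructed sample data.

BASELINE = {
    "brand-a.example": {"ns1.expected.example", "ns2.expected.example"},
    "brand-b.example": {"ns1.expected.example", "ns2.expected.example"},
}

# Constructed snapshot in the style of "dig +noall +answer NS" output.
OBSERVED_ANSWERS = """
brand-a.example.   3600 IN NS NS1.Expected.Example.
brand-a.example.   3600 IN NS ns2.expected.example.
brand-b.example.   3600 IN NS ns1.unexpected.example.
brand-b.example.   3600 IN NS ns2.unexpected.example.
"""


def normalise(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_ns_answers(text):
    """Return {domain: set(nameservers)} from NS answer lines."""
    observed = {}
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: owner TTL class type rdata
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        observed.setdefault(normalise(fields[0]), set()).add(normalise(fields[4]))
    return observed


def detect_ns_drift(baseline, observed):
    """Return {domain: {"added": set, "removed": set}} for every mismatch."""
    findings = {}
    for domain, expected in baseline.items():
        seen = observed.get(domain, set())  # no answer at all counts as drift
        added, removed = seen - expected, expected - seen
        if added or removed:
            findings[domain] = {"added": added, "removed": removed}
    return findings


if __name__ == "__main__":
    for domain, diff in detect_ns_drift(BASELINE, parse_ns_answers(OBSERVED_ANSWERS)).items():
        print(f"ALERT {domain}: added={sorted(diff['added'])} removed={sorted(diff['removed'])}")
```

In practice the snapshot would come from querying the registry's authoritative servers on a schedule, and an alert would be checked against the registrar account's change history.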