Al-Jazeera domain hijacked

The bad news continued on Thursday for Arab satellite television network Al-Jazeera. A hacker hijacked the network's domain, pointing visitors to another site that displayed a pro-war message.

Administrators at Al-Jazeera became aware of the problem late Thursday morning, Greenwich Mean Time (GMT), after being contacted by the European company that hosts the network's Web page, according to Salah AlSeddiqi, IT manager at Al-Jazeera in Doha, Qatar.

Traffic to Al-Jazeera's servers at the Europe hosting site had stopped, AlSeddiqi was told.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The bad news continued on Thursday for Arab satellite television network Al-Jazeera. A hacker hijacked the network's domain, pointing visitors to another site that displayed a pro-war message.

Administrators at Al-Jazeera became aware of the problem late Thursday morning, Greenwich Mean Time (GMT), after being contacted by the European company that hosts the network's Web page, according to Salah AlSeddiqi, IT manager at Al-Jazeera in Doha, Qatar.

Traffic to Al-Jazeera's servers at the Europe hosting site had stopped, AlSeddiqi was told.

"They wanted to know if I had changed something. I told them I hadn't," AlSeddiqi said.

When he tried to visit Al-Jazeera's Web site, AlSeddiqi noticed that traffic was being directed to a different site, that displayed a pro-war message.

AlSeddiqi also attempted to log on to the administrative interface for the domain, only to find that the password for the administrative account had been changed, locking him out, he said.

"It seems somebody has hijacked the domain," said Martijn Mooijman, a security specialist at security company Organisatie Beveiliging IT BV (OBIT) in The Hague, Netherlands.

The aljazeera.net domain is managed by Network Solutions, a domain name registration service owned by VeriSign.

Al-Jazeera staff worked with Network Solutions to restore ownership to the network and point the domain to Al-Jazeera's Web servers. By Thursday evening ownership of the aljazeera.net domain was returned to the network.

VeriSign did not respond to requests for comment.

Some Web surfers could still access the site for the Qatar-based satellite news station on Thursday, even though the domain seemed to be hijacked.

That is not surprising, said Mooijman, who early evening on Thursday, GMT, could also access the Arabic Al-Jazeera site.

"It is normal that some people still see the original page, while others see the hijacker's page. It takes about 24 hours before all the DNS servers in the world are updated," he said. As a consequence, restoring aljazeera.net after the hijacking will also take about 24 hours, he added.

No information was available on how the domain was hijacked.

"Our first concern is to get the domain restored and then we'll focus on how it happened," AlSeddiqi said.

The site to which visitors were directed belonged to NetWORLD Connections, a Salt Lake City ISP.

NetWORLD staff detected the defaced page Thursday morning after noticing a spike in traffic to its Web servers, as visitors to aljazeera.net were directed to NetWORLD's servers, according to Ken Bowman, president and CEO of NetWORLD.

The defaced page was in an area of his company's Web site that allows individuals to post Web pages for free. The site is commonly used to host family Web pages, he said.

While NetWORLD requires users to register with the company before posting pages on the site, the company does not corroborate the registration information.

In the case of the defaced page, the registration information that was provided was "fictitious," according to Bowman.

The IDG News Service is a Network World affiliate.