VOA website hacked again? (Or is it just my PC?)

Posted: 23 Feb 2011   Print   Send a link
I was reporting most of 22 February that that the VOA website was still hacked by the Iranian Cyber Army. Actually, the VOA site was back up earlier in the day, but I had to shut down my router and turn it back on to flush the DNS cache. Now I'm seeing the real voanews.com again.

Update at 0800 on 23 Feb: The Iranian Cyber Army is back on my PC when I type www.voanews.com.

Update at 0810 on 23 Feb: I just did an ipconfig /flushdns, and VOA is back. Actually (updating the update), refreshing voanews.com sometimes brings up Iranian Cyber Army, and sometimes the VOA home page.

Nextgov.com, 21 Feb 2011, Aliya Sternstein: "The website of U.S.-funded broadcaster Voice of America Persian was attacked by an Iranian pro-government group, according to a correspondent for sister station Radio Free Europe Radio Liberty. The main VOA site also appeared to have been hacked, as of 9:04 p.m. Eastern on Sunday. 'Website of VOA Persian Service was Hacked today by #Iran 's Cyber army #Iranelection,' Golnaz Esfandiari wrote at around 5:30 p.m. Eastern on the social media tool Twitter. One VOA story now states that the incident may have been prompted by the U.S. State Department's recent Arabic- and Persian-language Twitter campaigns in support of pro-democracy opposition groups overseas. ... Here's a Google-translated recap of the VOA article: ... 'It seems that this action in response to remarks on Sunday (20 February) that Hillary Clinton in a television interview with BBC America, while talking about opening accounts in Arabic and Persian Tweeter by America's Foreign Ministry, had said : "We want young people like the young Americans who seek to express their rights are believed to be associated."'"

Washington Times, 21 Feb 2011, Bill Gertz: "Iranian computer hackers on Monday hijacked the website of the Voice of America, replacing its Internet home page with a banner bearing an Iranian flag and an image of an AK-47 assault rifle. ... It then listed more 90 websites of VOA it claimed has also been hacked. A State Department spokesman could not be reached for comment. ... The hacking takeover of the website of VOA, voanews.com, followed the announcement last week by the Broadcasting Board of Governors, VOA’s parent agency, that it was canceling all shortwave radio broadcasts of the VOA’s Chinese-language service in favor of Internet broadcasting."

The Tech Herald, 22 Feb 2011, Steve Ragan: "So what happened this time? The short answer is that no one knows yet. Many of the domains listed by the ICA as hacked share a common thread, Network Solutions. However, voanews.com, the master domain, does not appear to use Network Solutions at all. At the same time, voanews.net, voanews.org, voanews.info, voahp.com, voanews.us, as well as many others, resolve to a Network Solutions holding page or point to the ICA message on voanews.com. In addition, they use DNS hosting from WorldNIC, a Network Solutions company. It is possible that the Network Solutions account was compromised, and then with that access, voanews.com was defaced thanks to a shared password. However, most of the domains pointed to the main URL before the defacement. So this could be a case where single compromise covered 93 additional domains simply due to the nature of their hosting. We’ve reached out to Network Solutions, as well as the Broadcasting Board of Governors, the organization that manages Voice of America, for comment on the incident. If we hear back from them, we will update this story."

Blogger News Network, 21 Feb 2011, Ted Lipien: "Americans for U.S. International Broadcasting, a group of current and former VOA and BBG employees and free media advocates, have started a petition drive to convince Congress to reject the BBG’s and the Obama Administration’s proposals for eliminating shortwave radio broadcasts to China."

Fars News Agency, 22 Feb 2011: "An Iranian cyber group announced that it has hacked the Voice of America (VOA) and all its affiliated websites. The move came in response to the false reports released by the VOA and other websites on the spread and progress of seditious moves in Iran. VOA and its affiliates have long been supporting anti-Islamic Republic groups and sought to provoke unrests in Iran. The Voice of America is the official external radio and television broadcasting service of the United States' federal government, but it acts as a complementary and media arm of the US spy agencies."

Broadcasting Board of Governors press release, 22 Feb 2011: "As popular protests unfold across the Middle East, U.S. international broadcasting faces increased satellite signal interference and a web Domain Name System (DNS) attack. ... On Monday, February 21, an unknown party hacked the Voice of America’s primary domain name (VOANews.com), along with numerous related domains registered with Network Solutions. Web users were directed to a website claiming to be run by a group called the 'Iranian Cyber Army.' ... This was a Domain Name System (DNS) attack redirecting the VOANews.com website. This was not a breach of internal systems or servers. No data was lost or compromised as a result of this event. An investigation is underway to determine who is responsible."

VOA News, 22 Feb 2011, William Ide: "Cyber security expert Jeffrey Carr says the Iranian Cyber Army should be taken seriously. 'There are a few hacker crews operating out of Iran that do have allegiances or ties with the Iranian government. The Iranian Cyber Army is one of them. They have a good skills set. These are not script kiddies [inexperienced hackers],' he said."

RFE/RL websites, including radiofarda.com, are accessible. See previous post about same subject.

RFE/RL Off Mic blog, 18 Feb 2011: "[S]ince earlier this week, RFE's Iranian service Radio Farda has experienced a new form of interference from Iran: a flood of automated phone calls aiming to clog up its answering machines. On an average day, Radio Farda receives between 150 and 200 voice messages from its listeners with everything from eye witness reports to music requests. These messages are recorded by answering machines at RFE's Prague headquarters in the Czech Republic and at its news bureau in Washington D.C. This Wednesday, RFE's technicians noticed something unusual: a large number of calls coming in from an automated system. Soon, Radio Farda's answering machines were receiving 200-300 calls an hour - an obvious attempt to block out regular callers with a variation of a 'dial of service,' or DoS attack."