The domains of Metasploit.com and its parent company rapid7.com had been hijacked and defaced by the Kdms Team. They had previously also had taken down down several high profile computer security related targets.
Mr. HD Moore (Chief Research Officer of Rapid7 and Chief Architect of Metasploit) told EHN how the domain was hijacked.
@SuriyaMe I can confirm that the DNS settings were changed for a few minutes and pointed to 74.53.46.114
— HD Moore (@hdmoore) October 11, 2013
@SuriyaMe they temporarily hijacked our domains by sending a spoofed DNS change request via Fax to http://t.co/W5BBC7jhvy
— HD Moore (@hdmoore) October 11, 2013
And when asked if the Domains were back in their control he said "yes" and explained why some people are still seeing the deface page.
@SuriyaMe yup, the whole thing was resolved in less than an hour, but DNS changes may be cached until the TTL expires
— HD Moore (@hdmoore) October 11, 2013
Please note that a DNS attacks DOES NOT affect the server of the hacked site in anyway. Anybody could fall victim to it . The blame belongs to the Registrar not Rapid7.
This shows how even if you have the strictest security mechanisms there is always a "weak spot" that could be exploited and more often than not it is the "Human" element that is weakest.
