Craigslist, the well-known web classifieds site, is currently offline for many users following a DNS attack.
According to Brad Volz, a network engineer at Craigslist, someone compromised the site’s account at one of its registrars on Sunday evening, causing the name server (NS) records to migrate.
“That issue has since been corrected,” Volz explained, “but the various caches around the Internet are still holding the old data.”
These caches may need to be flushed in order to restore Craigslist’s operability.
Shortly after the attack, users who tried to access the web classifieds site were redirected to “Digital Gangsters for life,” which suggests Craigslist may have been hacked.
The Digital Gangsters forum is known for a number of high-profile attacks, including the theft of photos from singer Miley Cyrus’ email in 2008 and a Twitter hack a year later in which the accounts of celebrities such as Bill O’Reilly and Britney Spears were compromised.
Digital Gangsters has been largely unable to manage its victim’s heavy traffic. After temporarily going down, the site redirected all Craigslist web searches to the New York Times website. All traffic has since been redirected to Digital Gangsters, whose response time continues to be sluggish.
As part of the attack, Craigslist’s domain name record was modified, with a new name registered to “steven wynhoff @LulzClerk”.
Steven Wynhoff has been named as having used DDoS attacks and hacked YouTube accounts dedicated to posting “Call of Duty” videos, as well as allegedly hacking Bitcoin creator Satoshi Nakamoto’s email earlier in 2014.
Whether Wynhoff is behind the attack remains to be determined.
Some time after the attack was discovered, Craigslist CEO Jim Buckmaster released a blog post confirming the DNS attack.
Like Volz, Buckmaster is concerned that “many internet service providers (ISPs) cached the false DNS information for several hours, and some may still have incorrect information.”
He therefore urges all network providers and tech staff to flush all Craigslist entries from their DNS servers.