Comments on: TCS official website hacked

By: GuJJu

GuJJu — Sat, 23 Oct 2010 04:12:06 +0000

The site is back on its road i think so friend.

By: Sitaram Chamarty

Sitaram Chamarty — Tue, 09 Feb 2010 10:40:31 +0000

@mary:

try this google search http://www.google.co.in/search?q=but+the+reverse+is+vm2k3-web5.mgt.hosting.dc2.netsol.com&hl=en&filter=0

you’ll get about 160 hits, each containing some domain that was discovered to point to the same IP that tcs.com was directed to at that time.

Now add in the fact that this is only for vm2k3-web5 (whatever that means!) under dc2 (presumably some cluster in the DC area) and speculate how many more will turn up if you try other combinations of numbers, locations (ny, la, etc).

Count all of those and you’ve got your answer…

my 2 cents…

By: mary

mary — Tue, 09 Feb 2010 05:52:33 +0000

While it is obvious that this was a DNS redirect and not a website hack per se, what is not clear is why was TCS singled out for this attack. After all, whoever hacked NetSol’s DNS server could have wreaked havoc on many more domain names.

By: akshay

akshay — Mon, 08 Feb 2010 20:59:33 +0000

whatever may be the reason , this should not have happened for the india’s largest IT company

By: Tata Consultancy Services (TCS) Site Hacked

Tata Consultancy Services (TCS) Site Hacked — Mon, 08 Feb 2010 18:15:45 +0000

[...] then an TCS employee commented on his blog that tcs.com was not hacked. What did happen was that the DNS records that supply the [...]

By: bggopal

bggopal — Mon, 08 Feb 2010 16:54:38 +0000

The site is back and running now.. I wonder what would be the next Target..

By: Srini K

Srini K — Mon, 08 Feb 2010 12:49:59 +0000

Thanks 4 d info. We were really confused about it. Now pretty clear

By: Aditya Kane

Aditya Kane — Mon, 08 Feb 2010 11:06:24 +0000

@Sitaram: Thanks for the input and great insights. As vivek said, makes the post complete.

By: vivek jain

vivek jain — Mon, 08 Feb 2010 07:28:14 +0000

@sitaram
Thanks Sitaram. This detailed info has completed the post now

By: Sitaram Chamarty

Sitaram Chamarty — Mon, 08 Feb 2010 04:04:05 +0000

[Disclaimer: I'm an employee of TCS, though I'm posting this in my personal capacity]

tcs.com was not hacked. What did happen was that the DNS records that supply the IP were reset to some other IP.

Whether that was done by actually hacking tracom/netsol or by social engineering a valid change request I do not know.

I know the site was fine because going through the internal DNS got me the correct IP address and the correct content.

I believe the problem started sometime before 1am IST [this is a wild guess, from other symptoms], and was resolved around noon or so [this guess is more accurate because I was semi-actively monitoring it].

In both instances, it would have taken a few hours for the bad data to expire from DNS caches. Depending on who your DNS provider is, you may have seen it “come back” at different times. If you were running your own DNS, you could have purged your DNS cache manually and would know more accurately when it came back (or just run a “dig +trace” at 10-minute intervals looking for the right IP to come back)

Regards,

Sitaram