For those of us who are a little ignorant, can someone expand a little on the technical details of this? How does one hijack/alter a DNS record? I've only ever had other people host my DNS, so does this mean they were hosting their own DNS and someone attacked their DNS servers? What's the security like around how DNS records are stored? More specifically, had they been using Secunia's DNS monitoring and had been alerted "before the DNS was propagated" wouldn't there still be a lag time between when the hacked stuff propagates and the replacement stuff re-propagates that would leave the site defaced for the amount of time it takes to propagate the replacement?
You steal their DNS registrar account. This depends entirely on the security of the registrar; Network Solutions used to let you change account info by sending them faxes on fake letterhead.
From the Secunia blog entry on the incident, cited in the original article:
Our preliminary investigations have been concluded. We've been working with our registrar provider, DirectNIC, to identify the cause of the incident, during which we've learned that other DirectNIC customers were affected by yesterday's attack and they all suffered a temporary redirection of traffic.
Sounds like someone took control of the registrar's systems, rather than specifically targeting Secunia.
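The kind of check a DNS-monitoring service performs for the situation the thread describes, as an added example that is not from any poster or from Secunia: diff the delegation (NS) and apex (A) records observed at the authoritative servers against a known-good baseline, and report the worst-case exposure window, which is bounded by the TTL of the rogue answer since resolvers that cached it keep serving it that long even after the registrar record is corrected. Zone names, nameserver names and addresses below are constructed placeholders.

```python
"""Detect a registrar-level DNS hijack by diffing observed delegation/apex
records against a baseline, and bound the exposure window by TTL."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RRSet:
    rdata: frozenset  # record data, e.g. {"ns1.good-dns.example."}
    ttl: int          # seconds a resolver may keep this answer cached


# Constructed baseline for a hypothetical zone (placeholder names, not real records).
BASELINE = {
    ("secunia.example.", "NS"): RRSet(
        frozenset({"ns1.good-dns.example.", "ns2.good-dns.example."}), 86400),
    ("secunia.example.", "A"): RRSet(frozenset({"192.0.2.10"}), 3600),
}


def diff_records(baseline, observed):
    """Compare observed RRsets to the baseline.

    Returns a list of alerts (name, rtype, missing, unexpected, exposure_s).
    exposure_s is the worst-case time a resolver that cached the rogue answer
    keeps serving it: the TTL of what was observed (or of the vanished record).
    """
    alerts = []
    for (name, rtype), expected in baseline.items():
        seen = observed.get((name, rtype))
        if seen is None:  # record gone entirely: treat as fully missing
            alerts.append((name, rtype, expected.rdata, frozenset(), expected.ttl))
            continue
        missing = expected.rdata - seen.rdata
        unexpected = seen.rdata - expected.rdata
        if missing or unexpected:
            alerts.append((name, rtype, missing, unexpected, seen.ttl))
    return alerts


# Constructed observation of what a monitor would see after the delegation was
# repointed at the registrar: the NS set now names an unknown server with a long TTL.
HIJACKED = {
    ("secunia.example.", "NS"): RRSet(frozenset({"ns1.rogue.example."}), 172800),
    ("secunia.example.", "A"): RRSet(frozenset({"192.0.2.10"}), 3600),
}

if __name__ == "__main__":
    for name, rtype, missing, unexpected, ttl in diff_records(BASELINE, HIJACKED):
        print(f"{name} {rtype}: missing={sorted(missing)} unexpected={sorted(unexpected)} "
              f"worst-case cache exposure={ttl}s")
```

In a real deployment the `observed` dict is filled from queries to the parent zone's and the zone's own authoritative servers rather than from the constructed `HIJACKED` data; the alert's `exposure_s` is what answers the "lag time" question above.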
They're still really bad at this; people stole the registrar accounts for somethingawful.com and 4chan from, again, Network Solutions, via social engineering. I never heard how they specifically did it. They may even have done both on the same weekend.
Well, it was an article for our users and our audience about the danger of DNS hijacking. It was not intended as a full explanation of the issue and I didn't even submit it to HN (which I only do for our better posts :)).