The popular website Craigslist has been in a lot of hot water lately, having been accused of some serious safety and security issues. A report from the Inquisitr revealed that the chairmain of the Consumer Product Safety Commission challenged Craigslist to step up their security measures to protect users from accidentally purchasing defective or dangerous products — a direct result of an investigation by ABC News that proved Craigslist sellers have been selling hazardous products.
At roughly the same time that Craigslist received heat from CPSC Chairman Elliot Kaye, a hacker took down the Craigslist site overnight. For several hours, Craigslist would redirect users to another site, DigitalGangster.com. The hacker used a DNS attack to hijack Craigslist, which didn’t directly attack the website but simply allowed him to redirect users to a different website, according to Business 2 Community. Ironically, Craigslist has so much traffic that all the redirection to DigitalGangster crashed that site.
The CEO of Craigslist, Jim Buckmaster, released a statement on the incident:
“At approximately 5pm PST Sunday evening the craigslist domain name service (DNS) records maintained at one of our domain registrars were compromised, diverting users to various non-craigslist sites. This issue has been corrected at the source, but many internet service providers (ISPs) cached the false DNS information for several hours, and some may still have incorrect information.”
DNS hijacking is a popular method of hacking that allows a website domain to be compromised without having to actually infiltrate the website’s security system. For this reason, it’s possible that Craigslist wasn’t hacked for any malicious reason, but rather to point out security flaws within the Craigslist system.
According to Slash Gear, DigitalGangster.com belongs to a rapper named YTCracker, who has been blamed for taking Craigslist down. YTCracker has quite an online reputation as a hacker and instigator, having fought for the return of the soft drink Surge and successfully hacked into the secure web servers of several government websites. The sites included NASA’s Goddard Flight Center international homepage, the homepage of the Bureau of Land Management’s National Training Center and the homepage of Defense Contracts Audit Agency.
“To the US government and military — I have warned you about these security flaws,” YTCracker posted on each of the hacked websites, “Please secure our military systems to protect us from cyber attack.”
Is it possible the rapper hacked into Craigslist for the same reason as the government sites? With Craigslist under fire for lax security measures, it’s plausible that YTCracker took this opportunity to illustrate just how dangerous Craigslist has become. What do you think?