Google Malaysia Site DNS Hacked, Credit Claimed By ‘Team Madleets’ Hacker 1337

Google’s Malaysian site has been hacked and replaced with a splash screen giving credit to a group called “Team Madleets.” The normal site has been offline for several hours as of late Thursday afternoon and the page lists a series of handles that are ostensibly part of the team responsible. Updated with brief statement from the hackers below.

The attack appears to have been of the DNS poisoning variety, in which a hacker gained access to the Malaysia Network Information Center and changed the DNS records of Google’s site to Madleets-controlled servers. So no information appears to have been changed on Google’s servers at this time, as this is a redirect attack of sorts.

The stamp at the top says ‘[!] Struck by 1337’, which is apparently a reference to an individual hacker within the group called 1337, who has recently (allegedly) performed hacks on domain registrars of several countries. A message on 1337’s Facebook page says “Google Malaysia Stamped By 1337” and references the google.com.my and google.my domains. The only other indicator about who the group could be is a reference to them being Pakistani in origin.

The Madleets address leads to a Facebook page for the team that has the following message posted:

We feel we need to alert anyone, that we don’t hack any country tlds for example google.com.my as a result of any kind of hate, We don’t hate anyone, We love all humanity, there is no obvious reason for stamping the tlds.
Least the reason is not any kind of hate.
Whatever the reason is we can’t explain except we love all of you.
Regard’s
H4x0rL1f3

The page info states that “MadLeets is a Ethical and 1337 White Hat Hackers Community. We are Anti Hackers , we teach how to protect yourself from getting hacked.”

Screen Shot 2013-10-10 at 3.43.54 PM

If the reasoning on the team’s Facebook page is accurate, then this is simply a matter of doing it because they can and not to make a political statement. A link placed in the source code of the page leads to a music video for the artist Instrumental Core.  The music is auto-played on the site while visitors are there.

Google Malaysia was hacked back in July, along with several other Malaysian sites, by a group protesting the treatment of Bangladeshi workers in that country. One possible motivation for the group taking action now, if it is indeed not simply “exposing vulnerabilities” would be the Global Entrepreneurship Summit in Kuala Lumpur, which will be attended by Secretary of State John Kerry in lieu of President Barack Obama.

We’ve reached out to both the email address given for the team on the site and to Google. We will update this story if we receive a response from either side.

Update: The hackers responded with a brief statement to TechCrunch:

There’s not much reason behind it, only to prove that security is just an illusion. It does not exist.
We have no political intentions whatsoever, as you have already stated.
Regards, LeeT

Catherine Shu contributed additional reporting to this story.

Update 2: And here’s the explanation of how the situation looked for Integricity, the company that runs the domain name server for Google in Malaysia, as they got the site back up and running.