Cyber Incident Victim: Google

Date: Apr 2015

Location: Malaysia

Summary

Bangladeshi hackers using aliases Ne0-h4ck3r, TiGER-M@TE, and F0RTYS3V3N defaced multiple high-profile domains, including Google Images, YouTube, and Yahoo Malaysia, replacing content with a boastful message and contact details. The attack marked the second compromise of Google Malaysia within a day, following an earlier DNS redirection incident by one of the same perpetrators. Associated services became temporarily inaccessible until restoration efforts were completed. This group had previously targeted Google Kenya in a similar defacement campaign, demonstrating a pattern of disruptive activity against major online platforms.

Description

On April 15, 2015, three Bangladeshi hackers using the aliases Ne0-h4ck3r, TiGER-M@TE, and F0RTYS3V3N executed a coordinated defacement attack against multiple high-profile domains, including Google Images (images.google.com.my), YouTube (youtube.my), and Yahoo Malaysia (yahoo.my). The attackers compromised the domains and replaced legitimate content with a defacement page displaying the message "Pwnd by! Ne0-h4ck3r, TiGER-M@TE and F0RTYS3V3N | Mirror on the wall | #Hackers r0x Lamers Sux | How are you? | Here we are again!" alongside an email contact ([email protected]). This marked the second intrusion against Google Malaysia within 24 hours, following an earlier DNS redirection attack by TiGER-M@TE. Zone-h.org mirrors provided technical evidence of the compromises, confirming unauthorized access to ns2.google.com.my and other subdomains. The attackers did not disclose motives in their defacement message. Historical context indicated the same hacking collective previously targeted Google Kenya in 2013, demonstrating a pattern of regional operations against Google assets.

The incident disrupted normal service delivery across all affected domains, with Yahoo.my redirecting users to malaysia.yahoo.com during the compromise. Ownership ambiguities emerged, as who.is records showed discrepancies between Yahoo.my and Malaysia.yahoo.com, raising questions about jurisdictional control of the targeted domains. No data breaches or extended service outages beyond the defacements were reported. By the time media coverage circulated, all compromised domains had been fully restored to operational status. The attackers leveraged DNS-level manipulations for the Google Malaysia intrusion, though specific technical vectors for other domains remained unspecified in available records. Defacement mirrors archived on Zone-h served as the primary forensic evidence documenting the scope of unauthorized access. No claims of data exfiltration, financial theft, or secondary attacks accompanied the incident.
