Displaying items by tag: DNS

On March 2 2015 CVE-2015-1187 was released. This alert indicated that a simple cross-site request forgery allowed someone (the “bad” guys) to hijack DNS settings on a wide range of routers. By doing this they were able to point people to their own DNS server and in turn direct them to malicious sites. These sites could be anything they wanted them to be from phishing sites to sites with malware intended to compromise the target system. The exploit is a pretty smart one especially when you take into account the fact that the bad guys do not need to remotely manage the target router to get this going.

A warning has been sent out to financial institutions and government agencies as the collective known as Anonymous has announced their OpUSA. The Operation as put forth by the hackvist group is supposed to target banks and government websites and is supposed to kick off on May 7th. Some security experts are advising the targeted organizations to prepare for Distributed Denial of Service Attacks and harden their sites against them.

ICANN discusses about who to assign new management domains (a total of 1930 potential new domains are in the pool), and Amazon has applied for multiple domains, including .book. It is quite clear why this domain is of extreme importance to many, including Amazon’s rival Barnes & Noble, which reported earlier this month to ICANN, saying that Amazon should not be permitted to handle the domain.a

The patent troll is a company that does not produce anything, but holds patent rights to various technologies; in this case a company named VirnetX put another major victory under their belt. Only two years ago they "ripped off" Microsoft for $200 million for alleged breach of patent rights (and are in ongoing lawsuit against Cisco, Avaya and Siemens). Now they have won a lawsuit that earned them $368.2 million in a dispute against none other than Apple.

There is a lot of talk in the news about a very old piece of malware. This malicious code was called DNSChanger and was part of a criminal enterprise that intended to route people’s traffic through their own servers instead of the intended servers. This opened the victims up to countless other potential infections. The Malware was discovered back in 2004 and had a small amount of fame for its time. The impact of this particular infection was rated into the millions of Windows based PCs. Although the malware was identified and six people were arrested for it, the authorities did not know what to do about the infected systems (which is VERY odd).

A while ago we wrote a piece that talked (in simple terms) about how Anonymous could kill the internet through attacking the root DNS servers. The article was written with the intent to give a background on the system in place and how it works. We did not then, nor do we now believe that Anonymous would take down the internet. As with all of the threats to take down twitter, Facebook and other forms of communication it would be exceptionally counterproductive. If Anonymous were to take down the internet and prevent connecting to servers via DNS it would lose many of their followers and supporters for at least the length of the hack.

Anonymous is preparing to “shut off the internet” on March 31st. The move is in protest to things like SOPA, ACTA, and according to their statement; “irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun”. Now while Anonymous typically goes after targets with something along the lines of a DDoS (Distributed Denial of Service) attack they are looking to do something different here. Anonymous plans to take all 13 Root DNS servers offline in a single day. Is this possible? Well let’s take a look at some of the facts behind how DNS works and some evidence that Anonymous might already have broken into the system.

Anonymous had a rather big weekend starting off with taking down the CIA’s public website cia.gov. This was done through an interesting trick that appeared to be a combination of a DDoS and some DNS tinkering. On the day of the outage the CIA’s website resolved to 192.81.129.107 which when looked up showed as an address belonging to an IP pool in the UK. Once the attack was completed the site resolved to 192.81.129.130 which is undeniably part of the same range, but now shows as a US IP range.  Looking at the evidence this could possibly be a new form of attack from the collective. Unfortunately we just do not have enough information on the subject to be sure and the CIA is not releasing any new information.