DNS attacks take scores of sites off line - redirect to hackers
Last Sunday evening the websites of Vodafone, Betfair, Acer, National Geographic, the Telegraph and the Register all fell victim to a hacking attack. This was the work of a Turkish hacker group called TurkGuvenligi, who diverted traffic from these sites to a new holding page announcing “TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u”
So how was it possible to affect so many high profile organisations at once? What happened is known as a DNS hijack or essentially a masked redirect – meaning you’d be redirected but you wouldn’t see it coming. The websites affected all had in common the same Domain Name Registrars. Noted names include Netnames.co.uk and Ascio, although others have been implicated as well. It was these systems that had been hijacked. In fact the websites themselves were free of malware but during the attack people wouldn’t actually reach the correct site.
A Domain Name System (DNS) acts like a kind of phone book for the internet by converting the words you type in for a web address into a number. By hijacking the system, the hackers were able to send people to the ‘wrong number’. While the attack was taking place they could have chosen to send people to any number (i.e. site) they wanted. There’s an interesting article in The Guardian which talks to the hackers that carried out this attack.
One particular challenge noted in another register piece is that "the domain names are totally out of control of the owners until they can get the registrar to change them back to their own nameservers." Also, email sent to the sites while the hack was live would be diverted to the hackers' site. This presents a real challenge for confidential data also getting into the wrong hands
The list of successfully breached companies just keeps growing and growing. Fact. Bad guys know how to take advantage of software vulnerabilities. But what can the good guys do about it? We recently hosted a Webinar on some of our research on attacks, attack types and how you can stay ahead in the game. If you missed it you can watch the recorded webcast here: http://www.websense.com/content/apt-webcast-reg-en.aspx?cmpid=pr