A Deep Dive on the Recent Widespread DNS Hijacking Attacks
On Saturday, 23 February, 2019 10:03, Stephane Bortzmeyer wrote:
Very good article, very detailed, with a lot of technical precisions, about the recent domain name hijackings (not using the DNS, just good old hijackings at registrar or hoster).
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns...
So in other words this was just an old school script kiddie taking advantage of DNS registrars, the only difference being this was a whole whack of script kiddies acting in concert directed by a not-quite-so-stupid script kiddie, with some "modernz" thrown in for good measure. (Sounds like an NSA operation to me -- and the targets perfectly match those that the NSA would choose -- plus some good old misdirection just for the jollies of it)
The second takeaway being that DNSSEC is useless in preventing such an occurrence because the script kiddies can merely turn it off at the same time as they redirect DNS. However, having DNSSEC can protect you from incompetent script-kiddies. It can also give you a false sense of security.
Did I miss anything?
---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
On Feb 23, 2019, at 11:13 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
> So in other words this was just an old school script kiddie taking advantage of DNS registrars, the only difference being this was a whole whack of script kiddies acting in concert directed by a not-quite-so-stupid script kiddie, with some "modernz" thrown in for good measure.
It’s Iranian military. If you want to call them script kiddies, that’s up to you, but people familiar with the campaign characterize it as an APT, and have been for the several years that it’s been going on.
> the targets perfectly match those that the NSA would choose
Amusing bedfellows, if they weren’t so annoying.
> The second takeaway being that DNSSEC is useless
You seem to have gotten that one backwards, by over-straining yourself in an effort to seem clever.
> Did I miss anything?
Apparently, yes.
-Bill
participants (3)
- Bill Woodcock
- Keith Medcalf
- Stephane Bortzmeyer