News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack. These attacks were carried out just weeks after the DNS cache poisoning attack against a Brazilian Bank and ISP. As attacks on the DNS increase, the reports on large scale "scares" are becoming more prevalent. DNS attacks hitting mainstream media just highlights how serious the problem is becoming. DNS redirection, pharming, and cache poisoning are no longer viewed as sophisticated internet crimes and no longer infrequent. Any Internet security expert will tell you that tinkering with DNS is not that difficult and it happens more often that most of us are aware.
It is critical now more than ever that we secure the DNS and to do so we need DNSSEC implemented industry wide! DNSSEC thwarts online attacks such as DNS redirection, pharming, and cache poisoning that are used to commit fraud, distribute malware, or steal personal and confidential information. With Internet vandalism on the rise, it is imperative that the Internet Community takes all security precautions necessary to protect and preserve the Internet as it is integral to today's era of technology.
Written by Lauren Price, Sr. Product Marketing Manager, .ORG, The Public Interest Registry. Lauren Price also contributes to the .Org weblog located here.
Related topics: Cyberattack, Cybercrime, DNS, DNSSEC, Domain Names, Domain Registries, Security
To post comments, please login or create an account.
Lauren,
Can you please provide an explanation of why you think DNSSEC would have protected anyone in the Puerto Rico incident?
The very article you linked to points out the attackers "used a SQL injection attack to break into the Puerto Rico registrar's management system."
If it was the same kind of attack as that in NZ, which I suspect it was, then DNSSEC would have helped.
Here in NZ once the registrar was compromised the attacker used the registrar systems to request a nameserver change at the registry, which meant those zones now pointed to different nameservers. If those zones had DNSSEC protection then the resolver clients would know straight away that those new nameservers were bogus and so not been fooled.
The only way it would not have worked is if the registrar ran the nameservers for those zones, had the crypto key online for automatic generation of sigs and if the hackers then made the change on those local nameservers.
However, certainly in the NZ case, and probably in the PR case given the nature of the companies, the registrars were not hosting the zones and so this would have been possible. Which is why the hackers have to usurp the regstrar systems to change nameservers with the registry.
Penultimate sentence - should finish "… would not have been possible."
Hi and thank you for your comment. The point of the blog is high profile Internet attacks are increasing and we need to take all necessary security precautions, DNSSEC being one of them in reference the DNS cache poisoning attack in Brazil.
.. DNSSEC wouldnt have protected anybody in Puerto Rico. Not under the circumstances the attacks were carried out.
These are not kaminsky style cache poisoning .. something much more old fashioned .. gain control of the resolver through sql injections or other ways to compromise the base OS, and then control DNS views.
DNSSEC is essential - but I do wish you'd pick more appropriate examples to promote it.
Hi and thank you for your comment. The point of the blog is high profile Internet attacks are increasing and we need to take all neccesary security precautions, DNSSEC being one of them in reference to the cache poisoning attack in Brazil.
I saw your boilerplate reply the very first time. And I do appreciate the value of dnssec. Only - where there's a compromise of the sort you described, DNSSEC is useless because the bad guys just did an end run around it.
If you'd like to reply to this, I'd appreciate your thoughts rather than another repeat of the same boilerplate.
when government controled the internet you had to show proof you owned that business 1) Business checking Account and credit card or debit card,State registration,City Registration,IRS- EIN , CCR registration (Government or Military-areas).
2) Why did Icann and Iana Allow Registrars and /or domain squatters to purchase and squat on peoples business names and personal names and hold for ransome which is identity theft and extortion, this falls under the RICO ACT as they are Large corperations and Individuals engaging in Organized crime.
3)proof of organized crime -is Registrars creating subsiduaries as shell companies owned by another person,controled by the registrars (president),also third party accomplices in Bahamas(wan-fuchina.com) or cayman islands(BWIDomains.com) or foreign country, but organized to front run,hijack and alter first in use and dates registrared,during a Whois search by the registrars Customer.
4) Programs were used in this crime- Cookies, tracking cookies by advertisers run and/or owned by the Registrar. Also programs made to spy on other domainers look-ups. these programs are being sold by registrars on their websites!!
Advertisers plant cookies to see where customer goes on the internet so they can get you to buy their customers products,mean while the customer is un-aware that the registrars are using the trojan in the program to see what domains you are looking up at the whois!!!Immediately they snatch your business name or genaric domain name!! they then point you to sedo.com ,dotster.com, networksolutions.com,godaddy.com where they offer you the domain name for 50 to 5000 dollars or more!!!this is split by both registrars!!!
Thank You for Listening,
Ernest Ryder
PS- lauren you are looking very lovely today