CircleID

Moore, the creator of the popular Metasploit hacking toolkit has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

Update:
Some clarification has been posted by H D Moore of Metasploit regarding the story and miss-quotes:

In a recent conversation with Robert McMillan (IDG), I described an in-the-wild attack against one of AT&T's DNS cache servers, specifically one that was configured as an upstream forwarder for an internal DNS machine at BreakingPoint Systems. The attackers had replaced the cache entry for www.google.com with a web page that loaded advertisements hidden inside an iframe. This attack affected anyone in the Austin, Texas region using that AT&T Internet Services (previously SBC) DNS server. The attack itself was not malicious, did not load malware, and from an operational standpoint, had zero impact. I contacted the ISP, worked with our IT folks to switch forwarding services, and wrote a cache auditing tool. I found the "wild" attack interesting, so in a conversation with Robert McMillan, I brought up the incident and forwarded the associated logs and notes. Shortly after our conversation, Mr. McMillan published an article with a sensationalist title, that while containing most of the facts, attributed a quote to me that I simply did not say. Specifically, "It's funny," he said. "I got owned."

Read full story: PC World

Related topics: Cyberattack, Cybercrime, DNS, Malware, Security