  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010

    [EN] WikiLeaks site defaced via DNS attack

    Alex Hern
    31 August 2017

    WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address.

    The attack saw visitors to redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

    But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security.

    The group appears to have carried out an attack known as “DNS poisoning” for a short while on Thursday morning. Rather than attacking WikiLeaks’ servers directly, they have convinced [?] one or more DNS servers ... to alter their records. For a brief period, those DNS servers told browsers that was actually located on a server controlled by OurMine.

    It is unlikely WikiLeaks' own servers were breached.

    The WikiLeaks hack also takes a different approach in its substance. In the message it posted to the organisation’s web address, OurMine jokingly begins to claim to be “testing your …” before breaking off and reminding WikiLeaks about the time “you challenged us to hack you”. It’s the third time the hackers have gone after WikiLeaks, after twice launching a DDoS attack – a form of cyber-attack where a site is overloaded with connections in an attempt to bring it to its knees – against the organisation, in December 2015 and July 2016.

    That spat caused Anonymous, the online collective, to post personal information of individuals they claimed to be members of OurMine. The hackers argued the so-called “doxing” was incorrect.

    It’s the latest in a string of high-profile yet ultimately low-impact attacks from OurMine, which first rose to fame after hacking the social media accounts of a string of tech titans. Mark Zuckerberg, [Twitter CEO] Jack Dorsey and [Google CEO] Sundar Pichai were amongst those who had embarrassing messages posted to their feeds.

    Those hacks almost always followed the same template: finding re-used passwords in a previously-released data breach (for instance, Mark Zuckerberg’s password “dadada” was discovered in a 2011-era LinkedIn database), and testing them in as many services as possible until finding one that works. The group then typically posts a message claiming to be “testing [the victim’s] security”, before linking to their website, which offers penetration testing for $30 upwards. Most recently they took over HBO’s Twitter accounts, as the TV company was in the midst of a separate ransomware attack.
    Last edited by 5ms; 31-08-2017 at 10:40.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010

    WikiLeaks attacked by OurMine: what are the lessons?

    Haider Ali Khan

    A hacking group known as “OurMine” has managed to hack and deface the official website of WikiLeaks earlier today.

    Upon investigating the hack, it appears that the WikiLeaks domain name “” had been hacked. According to the domain’s WHOIS information, it had been updated today at “2017-08-31T06:30:15Z”. This surely means that the domain details had been updated earlier today.

    OurMine hackers somehow managed to gain access to the domain and changed its DNS nameservers to a server that was controlled by the hackers. The server IP in control of the hacker is  While visiting the IP address mentioned, the defaced page appeared just as it appeared on the WikiLeaks domain.

    It’s still unclear how OurMine hackers gained access to the domain, although the following methods may have been used to gain control:

    1. OurMine may have gained access to the WikiLeaks domain registry
    2. OurMine may have socially engineered the WikiLeaks domain registry, by fooling one of their staff into changing its nameservers.
    3. OurMine may have hacked one of the registry’s staff accounts.
    4. OurMine may have hacked WikiLeaks domain owner itself.

    At the time of publishing this article, the WikiLeaks website remained defaced in many countries. However, the website was accessible via VPN in other countries. We aren’t sure until when the site will remain offline. According to social media users, the website had been defaced for more than 2 hours.

    Update: The web hosting company that hosts the IP that OurMine used to redirect the WikiLeaks domain appears to have suspended the web hosting account. Upon checking the WHOIS information for the server IP, the web hosting service provider appears to be RivalHost.

    Chris Middleton
    31 August 2017

    "Anonymous, remember when you tried to dox us with fake information for attacking wikileaks?

    "There we go! One group beat you all! #WikileaksHack let's get it trending on twitter!"
    The shop-window impact may have been embarrassing for WikiLeaks, but the attack itself was rudimentary, if effective in PR terms - with the key phrase being "trending on Twitter".

    Anonymous responded to OurMine's goading by describing the attack as a "fake defacement".

    This latest attack by OurMine - which last year compromised the social feeds of Facebook's Mark Zuckerberg and Google's Sundar Pichai, among several others - reveals an uncomfortable truth about digital security in a networked, socially sensitive world.

    Such apparent security "breaches", along with DDoS attacks that slow down or crash web servers, are often extremely low tech, but high value in news terms.

    Ultimately, they may have little more impact in the long run than a selfie has in the world of portrait painting, but the challenge for security professionals is that investors' fears and changes in business confidence can be felt just as quickly as a hashtag or the defacement of a website.

    The more the social media world values short-termism and surface noise over depth and 'signal', the more effective these campaigns will be.

    This makes them difficult to counter, except by ensuring that real domain security is absolute and that core services are protected, while trying to anticipate what effect attacks on the harder-to-police perimeter may have on customer services and public reputation.
    Last edited by 5ms; 31-08-2017 at 11:01.
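Both quoted articles describe the same mechanism: nobody touched the web servers, the registrar-side record was changed so the domain delegated to nameservers the attackers controlled, and the WHOIS "Updated Date" gave the change away. The script below is an added example written for this thread, not code from either article or from WikiLeaks; it is a small delegation monitor that checks the two signals a defender can watch for (a WHOIS update newer than the last verified one, and nameservers outside the authorised set) and also compares the registrar's list with what a live NS query returns. The domain, nameserver names and WHOIS text are constructed for the example; only the timestamp is the one Khan's article quotes. In production the WHOIS text and NS answer would come from a WHOIS client and a resolver query rather than from the embedded strings.

```python
# Added example (not from the quoted articles): a small delegation monitor that
# flags the signals Khan's article points at, a fresh "Updated Date" in the
# registrar's WHOIS record and nameservers outside the expected set, plus a
# mismatch between what the registrar lists and what a live NS query returns.
# All names, timestamps and records below are constructed for the example,
# except the WHOIS timestamp, which is the one the article quotes.
from datetime import datetime, timezone

# Assumed known-good state for the domain, recorded when delegation was last verified.
BASELINE = {
    "nameservers": {"ns1.expected-dns.example", "ns2.expected-dns.example"},
    "whois_updated": datetime(2017, 1, 15, 12, 0, 0, tzinfo=timezone.utc),
}

# Constructed WHOIS output in the key/value layout most registrars return.
HIJACKED_WHOIS = """\
Domain Name: VICTIM.EXAMPLE
Updated Date: 2017-08-31T06:30:15Z
Creation Date: 2006-10-04T00:00:00Z
Name Server: NS1.ATTACKER-CONTROLLED.EXAMPLE
Name Server: NS2.ATTACKER-CONTROLLED.EXAMPLE
"""

CLEAN_WHOIS = """\
Domain Name: VICTIM.EXAMPLE
Updated Date: 2017-01-15T12:00:00Z
Name Server: ns1.expected-dns.example.
Name Server: ns2.expected-dns.example.
"""


def _norm(name):
    """Lower-case a hostname and drop the trailing dot so sets compare cleanly."""
    return name.strip().lower().rstrip(".")


def parse_whois(text):
    """Pull the 'Updated Date' and 'Name Server' fields out of a WHOIS record.

    Returns (updated: datetime | None, nameservers: set[str]). Lines that do not
    carry one of those two keys are ignored, so registrar-specific noise is harmless.
    """
    updated = None
    nameservers = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        value = value.strip()
        if key == "updated date":
            updated = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        elif key == "name server" and value:
            nameservers.add(_norm(value))
    return updated, nameservers


def check_delegation(whois_text, live_ns_answer, baseline=BASELINE):
    """Compare the registrar record and the live NS answer against the baseline.

    live_ns_answer is the list of NS targets a resolver returned for the apex
    (in production this would come from a DNS library or `dig NS`). Returns a
    list of human-readable alerts; an empty list means the delegation matches.
    """
    alerts = []
    updated, whois_ns = parse_whois(whois_text)

    # Signal 1: the registrar record was modified after we last verified it.
    if updated is not None and updated > baseline["whois_updated"]:
        alerts.append(f"registrar record updated at {updated.isoformat()} "
                      f"(baseline {baseline['whois_updated'].isoformat()})")

    # Signal 2: nameservers we never authorised appear in the registrar record.
    unexpected = whois_ns - baseline["nameservers"]
    if unexpected:
        alerts.append("unexpected nameservers in WHOIS: " + ", ".join(sorted(unexpected)))

    # Signal 3: the delegation the DNS actually serves disagrees with the registrar,
    # which is what a recently changed record looks like while caches still expire.
    live = {_norm(n) for n in live_ns_answer}
    if live != whois_ns:
        alerts.append("live NS answer " + ", ".join(sorted(live)) +
                      " differs from WHOIS " + ", ".join(sorted(whois_ns)))
    return alerts


if __name__ == "__main__":
    for alert in check_delegation(HIJACKED_WHOIS, ["ns1.attacker-controlled.example.",
                                                    "ns2.attacker-controlled.example."]):
        print("ALERT:", alert)
    print("clean:", check_delegation(CLEAN_WHOIS, ["NS1.expected-dns.example",
                                                   "ns2.expected-dns.example"]))
```

Run on a schedule, the baseline is the state you last verified with the registrar; any alert is a prompt to log in at the registrar and confirm the change was yours. The registrar-lock and two-factor options Khan's list of possible entry points implies are the preventive side; this check only shortens the window between a change and someone noticing it.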
