Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Hushmail DNS Attack Blamed on Network Solutions



 By: Ryan Naraine
2005-04-29
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Network Solutions confirms that a weakness in its customer-service authentication causes the temporary hijack of a customer's Web site. Hushmail isn't impressed with the company's response.

Secure e-mail service provider Hushmail Communications plans to pursue a criminal investigation into a hacking attack that redirected users to a defaced Web site. The company pinned the blame for the breach squarely on the shoulders of domain name registrar Network Solutions.

Hushmail, which markets PGP-encrypted e-mail, file storage and vanity domain services, has opened a criminal investigation with the Royal Canadian Mounted Police in Vancouver to get to the bottom of a DNS server breach caused by a combination of social engineering, phishing and pharming tactics.

Brian Smith, chief technical officer at Hushmail Communications Corp., said in an interview with Ziff Davis Internet News that the attacker or attackers simply called the Network Solutions Inc. support center and gained access to enough customer account information to alter the Hushmail DNS (Domain Name System) settings.

"They used a name not associated with Hush Communications and was able to get information from Network Solutions," Smith said. Using the information collected from Network Solutions customer service, Smith said the DNS information was changed to redirect users visiting the "hushmail.com" URL to a defaced Web site.

For a brief period, Hushmails domain was either unavailable or appeared defaced with an image of Hushmails logo with the following text: "The Secret Service is watching. - Agent Leth and Clown Jeet 3k Inc." Zone-H.org has archived a screenshot of the defacement.

Resource Library:

Smith said Network Solutions promised to investigate and issue a statement on the breach, but at press time Friday, Hushmail had yet to receive official communication from the Herndon, Va.-based registrar.

Network Solutions spokeswoman Susan Wade confirmed that the breach occurred as a result of certain weaknesses in the registrars customer-service security measures but declined to provide specifics, citing customer privacy issues.

"Were seriously investigating the incident. We are aware that a hacker temporarily altered this customers [DNS records]. Our security team promptly rectified the situation," Wade told Ziff Davis Internet News.

She described the breach as an "isolated incident" and said Network Solutions would immediately institute "additional security measures to ensure it doesnt occur in the future."

"Weve brought everyone in and gone over the procedures, and weve implemented some additional ones. I cant go into details for obvious reasons, but we are taking this very, very seriously," Wade added.

Click here to read about an e-mail scam that duped Linux users.

In addition to supporting RCMPs investigation in Vancouver, Wade said a separate criminal investigation is being launched in the United States.

At Hushmails end, Smith said the episode has been frustrating. "Were still waiting for a statement from Network Solutions. We were told by an employee that the attacker was given the DNS information over the telephone, but theyve not sent anything official to us. I dont want to comment on what may or may not have happened at their end," Smith said.

For now, Hushmail is working to erase the negative perception of an e-mail security provider with a major server breach. "Initially, it was embarrassing but were pleased that the users and the media have been very sympathetic to what happened here. To nontechnical users, it will take some explaining, but its quite clear that this could have happened to anyone."

"The Internet as a whole is a notoriously nonsecure infrastructure. Were operating within that. This is a big worry for the entire Internet. Thats why phishing, pharming and social engineering attacks have become a big issue," Smith said.

Hushmail has been upfront about the hacking attack, publishing a daily log with updates for users.

"To the best of our knowledge, the DNS issues caused by the caching of the altered addresses should now have ceased. The correct addresses should now have propagated across the Internet, and all users should be able to access Hushmail," the latest entry says.

The company said there was no unauthorized access to any of the Hush servers. "Data managed by Hush was not compromised. During this period, e-mail sent to hushmail.com will not have been delivered," Hushmail said.

Rick Fleming, chief technology officer at Texas-based security outfit Digital Defense Inc., said the Hushmail nightmare points to a "major weakness" in the way domain name registrars authenticate requests for DNS changes.

"Well continue to see these types of social engineering attacks because its becoming easier to impersonate someone and collect information. There is definitely a weakness in the way the domain name registrars handle authentication. If they dont have a way to adequately identify who the domain owners are, these attacks will continue to happen," Fleming said.

"Whats to stop this from affecting a Yahoo or a Google? Nothing. The underlying flaw is the domain name systems work. Its an implied trusted relationship without any authentication or verification and that needs to be fixed," Fleming said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Hushmail DNS Attack Blamed on Network Solutions
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r㶲s\@♵M=RJd[klҌפN!1Er=JN~b:?qtMZe2{<5D th4{$ G7L{B.cnQ?sOG7郿O$w}L9UQ#C3W)92 E]0eNznDzpDwd>9|@D)5'Ӡ5ޙ Q}_6g2z9o0 fE63&6I=E9JDq?֥qɏL|2#oqر7{ g&tob Q!)*Jd/B(?cc5~{N0/Pcw0}dh9;*v_e ۭ@5lvy!rs#gKݻH͠L$Gd`jI:D*"4C2R!1;r,ǃ)KTQ3c}fZ3u-3@ؾQ̀ EuL_FBԿ$f …0̳X#vRpce[]6g5]n9s8$sz3 wZENX* ?q7tJa9 :r<=0;DL=:/yÙÌ6]ަ<4TiUE9*TR?*62g2͏wz/ j.{W ? n0th;@Ry] Z sruO}qN6nyvtx//;YJM~c/DR˅,D>- ,ֳP u/kzQҏZ-_ ԊhGZAAv,f3} 3+i3*5dNߒ-~k~>E,[3sAT4 ̠K`W:k19zq{ں}\=rڽ!Iə{Ά0pgs Z_Zrn`Kk'^ϟgb M GiTjVMԺp|9!9Io 'ȿ۾Bd}#77gbeQ 5F`X@7? iP2\M8X@/@ש#atBjmҔ 9B:ܼNR49Vϡ蟩$Wm4@r1)6B̄H )&7R<&,)|YU>hI"E[f8 .)J!"x^3ˌ"ȅQ.% Ć> bϑWM,zYY5'*taeEUis[ӢKsIiH{v'ݨä pp|g<͇v1s a {>0sF}j`I l"v|scм`y`27fC?F{t( u,/{@`\@Z8`$8ʼE8sB7}ٜu҇&Qc>~v (~9-RC/1tKt=JIA }At"AђF *4 gscX"C"' `[7;.VKŤ\*y"Jm':.3PKϥ"ڹLX*QY,p[/ ͙JRdq4[LboD6], S mo3-muk{XT4V§#&csdfz{@ZWgi K0:i`0Ґ(e`9O<sy h? OzuO 35{00q}@ 2iE3ӆMI|B3< I8Mlz:eR#OtuKvcs3t7Nm~|FpIN3_hy>grGֶLo ?J|z[.z: %r% 5kb$T`CfL q^i:[@Lg˦kͲTؽ/ 7R@2Km *4@0V+,;7kc:J+_iihH*6@\X3,# %.?W0Z%m;@=pl=50_ܰ큡/UVjG,-s9Za5sV@@@7h TolVCax=Zz' As,\OT\r { p>h>JeHǝ:~Lҧ;BSjb35-F  ? |'+ȁUrqXk0읶Wׅ])/_8̧76i+CoLsCm0 Ǧ"}Zl"ӮWKHLZ`!?RP՘$'i/#Y XTر,!0}6u{APOK-KӞ@#@&"C'ѠcD8v_(+ Gﯺsz>UF=n3 $#о'hʰeh8`Zzq8JD%xXPr'RL*'~Ò?DFCizi}~هF9#*!_'Hq,"JPVbjxSC+jrTT+ oVX&9)R3KG)Nb_ޝ?4Mc'6 `3\xk}`x䃋2,*`ز|˘/ iXSJ$z`FK Zman0L3Mᗬ6{  "8&Ԗ>j7peCyn)crdl-qVCYw7䪢-}K;3]W< OQ: A\=!< `QtEa&NiE; P{EMzO1"_pkx豸6] QB|<@Qž.JV-5EW‡v1ር54 M|8곍ZJ qvsTy9kY%f+aEM4=>YCYTy3is{2s-_O>%XȓSw&Z Ĵ\.@ ^(93+V_]-M:f2/cX_dUM+%0m3hSYlpQ28c=[ |{.Z o#uIN:Ɲc}t7wֿLWEϡRD71PUL xg4sfDcK6jM+'&GlEմZYk-g}X#2␜ ~'a%wJI) `zVDZ) c].k|Y{h֏'*)TʜYEo(QU-q'F.҄^ߍKs98$D2$MU"[ qe l&SbR/փ `AQ`"U!7TQ>O7(~ (zC9m{~>RTS(.>JmP*jIIz, :*h7xџ6XD+(++i-^2yamD9[ 4wʨKV-,sK"hʌg _|r[rn)tyĆ5Qh#e[,"uZUԹlp-:%5>6 `i8~{D(}ׇ́{9Eu\I76|v>2DH"V9Kysֹ_>^toQ#rѹjK^kQ\O#;RsvuȒu4*$Eyp|hq0)MF0SkF#wȰ6 Z_ť{jpfiZ ^k5W'27h#)۵}oM19 ºUXȬe`|]L($T0r$`$X)XCu:]_4?EG:KEP^S(+RJ)"4FL |ZM3_f Rt<~Ur:Pעo1Mr!}J_cNfo4~P6=8,rh%縍vRt/0?;)}AOmN9˙~DҼ"7* Í7E馺7dj#N M5W"v=O[?G0 cl9a(1|$zdea#ݒ:p<5GK:)!OOp|Nh'I^VR6T$4%!44QLNbC]A+Cg һn^mOp6<1ޥ]ƙWxvIl綱<<RpLCRCsҼ'B}$XyKw8Ť3DJ^KjpVKM^N4~xr'|'xj}yUy^=t#jVuwfܣcDi:n{GT@(NVu2k=-,':]W__lGoIM21/ȄKGS>^Y]s>ͥ0i8;=?PV=w9c9|s\nW gtF?%W>i^7yja~%X@R{#|$~>xFM>xuS意G 93rĸeۨ+=ht[dؗ{vOKn<]1n鐧lLgI"ɫ׺w7}YpJUOVr{ld+N$c,n%P2vA Js{Q;qec?oW{y V*?BWc+YT>9b6m-m$rx\Y_*5䍨 zXIכHlqH6py5[ &p޵'q.Bim ĥL"ZQJՊp5Q9 z7#"욟ň2O Ox!Zy] jr'F- ~2bZUzH 9gh{Ż) ? #GӛKs+L">>D/_^!bx'R|q\à7L>Qe̔um  I)ۖJ/ 7gdEg`.s˦R[VSkJ1KbL4IXz}NRп.yQBzNU^s*E9*%X뀹hYP\[)]O9,,T6}L؉ѱSǓz}4Cy`9؝EL #n cyWyCʾ05/ 5gʋ+bLz|<8Fh {$я,԰R"7v UIAXJ9[yUŝ||||_ZU>X_T}0%5̴_`OK׎;6J⩥?,͢|mp"h:de L"!o^`H-jLؗ WRϦPl{ڋn(TzJuKg`(55~2ҏax썍0Fx8hq8[{_O:k*B!͜AY+%"9rϮ4X rϖ+Jܝq Vsܳ5p__B/ᮎߚ'a yso6}qBOtϡ6k1ZߘtLHj~жa+@m ն|[`8dċR򃧻. {E\[ˮ=:sJNY,{Cˬe#1}elC؂_%=l$5Vfؐ)l%I"q0MQqD3ů o$X-#]D/cc>&;4xTG'^"Ҷ38oqhy|[Ӳ'IN4b'ݴX,hELVHm0 $jc"T7?Göָ{>/GwxG f ]G?tځrUQo|֊[N[iΞëF(X`%\k>1mͨ4$p{#9?_kf?` ?E* O2Z',h6WQ`a3ط/0q_n]׍LǔuT{e#s:^{u$0& UHƵ1pS\^o۰q'H|A D(C^PB^]o’M=1I]r177v5AV/r59"@Ÿ Rxc)@5ˋAB,t$ /(/-Iyo[+6qN"F dѴۣB.sI *JM]/OQ/K]ZX:~eL<^^AFS3 io"r*ނ0HuPUO UP+$s7נ,cst3#m@&/=QmT/LxV8Ow| 􄼥-J4sWj"Mln0tn[=t4Pn':ru'ޠvΏdn&~iXp>H':t=jh DZФJ vjR#rzw(1 .ođժTjQܣ@VT8bAQxr c{iNR(I\1ړncG0/bZNa=kA"5zR`NerO}TK;TI`m3c4q1na>>(-^awUqji\"Kv֔mab?vH 㽻Ԙn% D`cpv+"h&n*16J)to|{HI -g~1~"js{-jaeY[+ 6Ƕl[vi|DuvH Dj9m6a Zz\/HkDr-l?GLnL kbD )o3AKOc+ӘP?c. lSO L%& J!47\CP |`+C7p+PUGod}exxJ""r[M(etMx5 )<]Сܛ r@JoIg4= Pm¼܏@BSxwGd.$1qQp5`GX; joEֹIz# ,@Geꊍ\Dx56:ioj.~z gW#Cߑ7Ź 죋B眇sfAƒsH ](u Kn0tc<2:P={χ\o|J7[>BZs4pBFRS ƈ\eaH9p=S1-0Șh MQ HxDirtvnOKZ&a k(E$ c,n#B Xu`" ôG͈֜ iur6^{eA=ق۹fbWoP$P`+wdc||9g G_$R } (bWU T,G,(ϏB5DSJH0Zfmn X`,2E<epY<>swe~rt6W&25KqfldaQ(b8M u?3,ȏ%nNK b$P!%h$bcx=9`1%@2dzwȗ>0(-ŌCZQJФ*t!dW`ǪZJ[Wt'x1n?W.4W )WPx s#cvFCTi``fڟ` i4MMz{'7~{E[t?v7~qjz0calB_d_T ΓQ9j^2833ޣõ,9% E*w8l' z$;G(%^َ/!jbҫSi0LL7[veS+~k!?=Bƫx]b12;ZӦoJc~*4=67anq4ħEOW\#4yD}n"=(('MfFyʻ-AQ~'O>9e\~5;;\(u2UF9\}/\~/2l׸K2K{AKe}. /?/32?QF23ϡ<PK((+ ..n~fk on22  ׇ }}̠-ff--m%:Iʘ!gk\8=Rgr ~)A_dկ| #r75iKohg?>/yd֦k_Fkp'k͠~%s"N^@O磌Ùx,O~f+gM تGѨs7Ӧ;^xR n^=F.u7\șP˦=wJp.d ީ&T51 spa3 Ӯ23]§On3A ~m  D#iZ#"9ţ:aс(Yc{XnD82sx 2&Q_ ˝Xܐ0bpa`O*}qKA#}qfk6h뺺wh:_ಓH+ 0Sq?Ih"v]#6 R Ň%޿1=Rnw] pZk礷LxנƇ ?>KGJ EJ&lCzǞ"0ـħ%NAa:2Ş_ =6᝱^sF%؉Gcӄ2+a9aoo!j;MA5c>;ul>:ksonݍ(}c"N@>AՋpO`HzBXt[_456:\/5*l$9=ASh4Wϛ5eXI%i{j9.KPRJVr.Q ?n`n6{to4Oe;BI<ŗ-<>,D*9"[o %P@EikI/?tI3軉Wd&%}YQ v.ycьJqK+yHR͠_[=$sDs݅ ߠ(b/<% *`> ,CR6N>Lc? `nwjں=Pŗ;wi3F)f'NFp)hN<}y?٢ u+ğ? \cwHVLt>;Oulם@ P⁜0ћ>[1ue|nHHU֧f2{M:з57d([| ӽނ4ܨNA2+1<&`#]&\f\jџfJ.ѮRTnbbq8g;KMlZtȱ(l}jx[9`^|˼kAўx'a|ht-k^FLC]R>Ŕ+ ]'[ۧ3й?-{ׄ/e;._{QFbfݐs:#vKѺ v7"aaA0n,ـ9&@/{~w1Ǹ 0tcz7^?׭- ɤ{-̅2 !δ^x[+ 0DqS XǢVWqTR:!; /D?8 ciL;acXJ ,oԛ'TS*4.v>Ͻ>Z\;9ZpϢq9q3E~#V+ݰ5%ӫrX*x{ej xٚջHR#z.i׃!gn耵]1nB!ˣŬ"D0Ȯ'Z:tsh{h۟XsTHهl*~&o$,{+ЃT~xFK-^8Q> χ"@Ԃ+"e})IDy{SL_?X|ړT+K+ ?aMd|h\7,{՗NO<|Xyx(']f(FRqO\|t/71XZ莗7Oޟt?\E eiAђtoZ4!wl:Wg񲞽?`(XECh`bhPlQWVIGv3HZ\֓Rvᷮ g۲M*d.%rR⚫W_fLNƇZZ܄;66BKFslx61 R)