    Attack on NetNames DNS Servers Shifts Web Traffic Away From Major Websites

    Written by

    Fahmida Y. Rashid
    Published September 6, 2011

      Attackers changed the Internet routing information on major Websites to redirect users to different pages over the weekend, affecting dozens of companies, including Microsoft, the United Parcel Service and computer producer Acer.

      Visitors to the affected sites on Sept. 4 were shown a black page with a message that read in part, “Hacking is not a crime…We TurkGuvengligi declare this day as World Hackers Day – Have fun.” Guvenligi is Turkish for “security.” It’s not yet known whether a lone attacker or a group performed the redirects.

      The attackers had breached the servers belonging to NetNames, a company that provides Domain Name System services to various Websites. DNS records are like entries in a telephone directory, with host names translated into actual IP addresses. Attackers managed to change the actual directory entries to point the host names to IP addresses under their control.

      “It’s important to note that the Websites themselves have not been hacked, although to Web visitors there is little difference in what they experience - a Web page under the control of hackers,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.

      About 186 Websites appear to have been affected, according to Zone-H, a site that tracks Website defacements. The list of affected organizations included Coca-Cola, Interpol, Adobe, Dell, Harvard University, F-Secure, Secunia, UPS, the United Kingdom’s The Register and The Daily Telegraph, Acer, Betfair, Vodafone, French automobile brand Peugeot, and the National Geographic. Various country-specific Websites for Microsoft and global bank HSBC were also targeted. Their DNS records were modified to point to multiple name servers at “yumurtakabugu.com.” The domain name resolved to an IP address owned by hosting provider Blue Mile, according to the DNS record.

      Turkguvenligi used SQL injection, a technique in which commands are entered into form fields on a Website, such as log-in boxes and comment fields. If the site does not properly handle text entered into the form, it passes the commands to the back-end server and database, which execute them, giving attackers information they should not be able to access. Turkguvenligi submitted a redelegation order into the NetNames system late Sunday evening to change the address of the master DNS servers, according to a statement to customers from NetNames.

      “The rogue name server then served incorrect DNS data to redirect legitimate Web traffic intended for customer Websites through to a hacker holding page branded Turkguvenligi,” NetNames said.

      The company reversed the changes within hours, but since servers generally cache DNS records, it took a while for the corrected information to propagate, leaving users unable to access the sites. It appears that Turkguvenligi managed to compromise at least one account on the NetNames system through the attack. The accounts have been disabled to prevent future attempts, NetNames said.

      Turkguvenligi could have caused more damage than defacing pages. With the DNS record modified, it would have been a simple matter for attackers to put up a cloned site and harvest log-ins and password information, especially on affected banking sites. Users would have seen the correct URL in the address bar and would not have been able to tell they were being phished.

      The Register confirmed that the attack did not breach the actual sites. “As far as we can tell, there was no attempt to penetrate our systems,” wrote Drew Cullen on the site, but the publication shut down all services that required a password as a precaution.

      DNSSEC, a security measure now being deployed by many registrars to guard against DNS tampering, may not have prevented this kind of attack because the attackers submitted an actual order to change the records on the provider level, Chester Wisniewski, a senior security advisor at Sophos, told eWEEK.

      DNSSEC uses public key cryptography to digitally “sign” the DNS records for Websites, and attackers were able to sign new records using the NetNames keys, Wisniewski said. DNSSEC is designed to stop attacks such as cache poisoning, where a DNS server is compromised. It cannot protect against a DNS provider being compromised and signing false DNS records, he said.
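
Because a redelegation submitted at the provider can still carry a valid signature, a domain owner can independently compare the name servers the parent zone returns against a pinned baseline. The sketch below is an added example, not code from the article or from NetNames; the zones, the baseline hosts and the `ns1`/`ns2` labels are constructed, and only the domain yumurtakabugu.com comes from the article.

```python
# Added example: delegation-drift check over constructed observations.
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    zone: str
    ns: frozenset        # NS hostnames returned for the zone
    ttl: int             # TTL of the NS record set, in seconds
    dnssec_valid: bool   # whether the resolver validated the answer

# Pinned baseline (constructed): the name servers each zone should use.
BASELINE = {
    "shop.example": frozenset({"ns1.provider.example", "ns2.provider.example"}),
    "bank.example": frozenset({"ns1.provider.example", "ns2.provider.example"}),
}

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()

def check_delegation(observations, baseline=BASELINE):
    """Return one alert per monitored zone whose NS set left the baseline."""
    alerts = []
    for o in observations:
        expected = baseline.get(normalize(o.zone))
        if expected is None:
            continue  # zone is not monitored
        rogue = sorted(frozenset(normalize(n) for n in o.ns) - expected)
        if rogue:
            alerts.append({
                "zone": normalize(o.zone),
                "unexpected_ns": rogue,
                # Reported, but never used to suppress the alert: records
                # signed after a provider-level change still validate.
                "dnssec_valid": o.dnssec_valid,
                # Resolvers that cached this answer may keep serving it
                # for up to this long after the provider reverts it.
                "max_stale_seconds": o.ttl,
            })
    return alerts

# Constructed sample: one clean zone, one redelegated as in the article.
SAMPLE = [
    Observation("shop.example.", frozenset({"NS1.provider.example.", "ns2.provider.example"}), 3600, True),
    Observation("bank.example", frozenset({"ns1.yumurtakabugu.com", "ns2.yumurtakabugu.com"}), 86400, True),
]

if __name__ == "__main__":
    for alert in check_delegation(SAMPLE):
        print(alert)
```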
