Detecting Domain Hijacking in Social Media
It’s no surprise that hackers are targeting social media sites. The latest attack was perpetrated against Twitter by a group claiming to be the Iranian Cyber Army. To be clear, though, the Twitter site was NOT compromised; their DNS was altered. This alteration sent anyone attempting to use Twitter’s services to the ICA’s web site. This type of attack is becoming more and more prevalent as it does not require the attacker ever to touch the victim’s servers.
These types of attacks seemingly render traditional security measures (firewalls, VPNs, IDS/IPS and packet-filtering routers) useless as the attack doesn’t actually touch the victim’s network. These attacks are called Man-in-the-Middle and Domain Hijacking attacks, where a hacker inserts themselves between the online user and the web site (e.g., twitter.com), unbeknownst to either party. In this case, the attackers effectively defaced the site by redirecting traffic to their own URL, which posted a message critical of the United States. In a more malicious case, a hacker’s intent could be theft of online transactions or gaining access to proprietary information. Just imagine if the attacker’s site in this case was a fictitious, but real-looking, Twitter login page. Would you have noticed before providing your login credentials?
How is this possible? Cyber attacks are getting more stealthy, sophisticated and dynamic. Hackers know firms have firewalls and a security infrastructure, so they’re looking where we’re vulnerable. Those places are the external, Internet-available resources that store key data critical to a company’s online presence.
These resources include WHOIS registrars (e.g., Network Solutions, Register.com, GoDaddy.com, etc.), IANA registrars (who store IP address ranges, CIDR information, contact information, email addresses), a firm’s own DNS servers, and other public Internet resources, like Google, that can reveal other company-specific information.
By poisoning or altering just one of these records, a hacker can redirect traffic, thereby inserting themselves between the web site and its audience. It is difficult to prevent all types of man-in-the-middle and domain hijacking attacks, but fortunately there are ways to detect them, enabling the domain owner to take immediate corrective measures.
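As an added illustration of detecting such a change (not Razorpoint's code and not a description of how Rz.DataWatch works), the sketch below compares an observed snapshot of a domain's registrar and DNS records against a known-good baseline. The domain, record values, field names and approved CIDR range are all constructed sample data, and collecting the snapshot from WHOIS and DNS is assumed to happen elsewhere.

```python
import ipaddress

# Constructed baseline for a hypothetical domain; every value is sample data.
BASELINE = {
    "registrar": "Example Registrar, Inc.",
    "registrant_email": "hostmaster@example.com",
    "ns": ["ns1.example.com.", "NS2.example.com"],
    "a": ["192.0.2.10", "192.0.2.11"],
    "approved_cidrs": ["192.0.2.0/24"],  # ranges the owner actually controls
}

# Constructed observation: the web servers are untouched, but NS and A now point elsewhere.
OBSERVED = {
    "registrar": "Example Registrar, Inc.",
    "registrant_email": "hostmaster@example.com",
    "ns": ["ns1.other.invalid.", "ns2.other.invalid."],
    "a": ["203.0.113.66"],
}

def _norm_host(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().lower().rstrip(".")

def _in_approved(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def detect_drift(baseline, observed):
    """Return a list of (severity, field, detail) findings for one snapshot."""
    findings = []
    for field in ("registrar", "registrant_email"):
        if baseline[field].strip().lower() != observed[field].strip().lower():
            findings.append(("critical", field, f"{baseline[field]!r} -> {observed[field]!r}"))
    base_ns = {_norm_host(n) for n in baseline["ns"]}
    seen_ns = {_norm_host(n) for n in observed["ns"]}
    if base_ns != seen_ns:
        detail = f"added={sorted(seen_ns - base_ns)} removed={sorted(base_ns - seen_ns)}"
        findings.append(("critical", "ns", detail))
    for ip in sorted(set(observed["a"]) - set(baseline["a"])):
        # A new address inside an owned range is routine rotation; outside it is a redirect.
        inside = _in_approved(ip, baseline["approved_cidrs"])
        findings.append(("info" if inside else "high", "a", ip))
    return findings

if __name__ == "__main__":
    for finding in detect_drift(BASELINE, OBSERVED):
        print(finding)
```

Run on a schedule from a vantage point outside the monitored network, a check like this flags a registrar or nameserver change even though nothing on the owner's servers has changed.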
Razorpoint Security Technologies’ Rz.DataWatch(TM) (http://www.razorpoint.com/rz.datawatch) is an industry-leading service that detects these types of attacks. Using a sophisticated security methodology that monitors a company’s Internet presence on a continual basis, the service identifies and reports any anomalies. Rz.DataWatch(TM) is an easy-to-deploy, low-cost service. There’s no hardware or software to install, it is not intrusive to a web site or network, and it places no management burden on the web site owner.
Domain hijacking attacks are not rare. In fact, another notable WHOIS registrar also experienced a major attack just last month. Fortunately, Rz.DataWatch(TM) detected it and enabled the registrar to resolve the issue long before the attackers could reap any benefits. So long as clever hackers continue to devise new methods to breach our systems, it is imperative that the industry remain vigilant with its defenses. Rz.DataWatch(TM) is one such measure.
- Contact Information
- Don Yellen
- VP Sales & Business Development
- Razorpoint Security Technologies