DHS Issues Security Alert About Recent DNS Hijacking Attacks (zdnet.com) 113
The U.S. Department of Homeland Security has published today an "emergency directive" that contains guidance in regards to a recent report detailing a wave of DNS hijacking incidents perpetrated out of Iran. ZDNet reports: The emergency directive [1, 2] orders government agencies to audit DNS records for unauthorized edits, change passwords, and enable multi-factor authentication for all accounts through which DNS records can be managed. The DHS documents also urges government IT personnel to monitor Certificate Transparency (CT) logs for newly-issued TLS certificates that have been issued for government domains, but which have not been requested by government workers.
The emergency directive comes after last week, the DHS issued an alert about ongoing DNS hijacking attacks through its US-CERT division. The DHS US-CERT alert was based on a report published last week by U.S. cyber-security firm FireEye. The now infamous report detailed a coordinated hacking campaign during which a cyber-espionage group believed to operate out of Iran had manipulated DNS records for the domains of private companies and government agencies. The purpose of these DNS hijacks was to redirect web traffic meant for companies and agencies' internal email servers towards malicious clones, where the Iranian hackers would record login credentials.
The emergency directive comes after last week, the DHS issued an alert about ongoing DNS hijacking attacks through its US-CERT division. The DHS US-CERT alert was based on a report published last week by U.S. cyber-security firm FireEye. The now infamous report detailed a coordinated hacking campaign during which a cyber-espionage group believed to operate out of Iran had manipulated DNS records for the domains of private companies and government agencies. The purpose of these DNS hijacks was to redirect web traffic meant for companies and agencies' internal email servers towards malicious clones, where the Iranian hackers would record login credentials.
Build That Firewall (Score:1)
Build that firewall and make Iran pay for it!
Re: Build That Firewall (Score:1)
At least the lights are on somewhere (Score:2)
Re: (Score:3)
The DHS has no choice but to work, otherwise when they are doing nothing, everyone would realise that is pretty much what they do, nothing, apart from spying on their own, the DHS, brownshirts in waiting. Doing something is hardly sending out propaganda alerts, making claims about IP addresses as if they reflect reality. Take the wild illogic, ohh look, DNS redirected, by the IP, addresses, but wait if you can so readily alter DNS, why are IP addresses so secure, wait they are less secure, interesting. You
Embarrasing nonsense (Score:3)
The only problem of import is ability for attackers to record login credentials due to continued use of insecure authentication algorithms.
What should be an obvious basic fact known to all I'm 100% certain will be totally lost on whoever is not furloughed and responsible for these systems.
DNS is the problem. Yes insecure DNS providing insecure pointers to insecure network addresses is the problem. It's all DNS... lock that shit down or a disaster will occur. Yep we're all really THAT stupid.
Personally I blame browser vendors for their persistent refusal to support secure authentication algorithms.
It's normally horses, not zebras (Score:3)
When you turn on the football game and see an NFL quarterback who looks just like Tom Brady, 99.99% of the time, it's Tom Brady.
Those of us who work in network security day after day, year after year, get to know the other people involved, including the opposition. I can often spot a root kit hidden on a Linux server within seconds of logging in. In those first few seconds I haven't absolutely proved it. I still have to confirm the root kit, but so far I've never been wrong when I spotted the clues. Not be