Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security United States

DHS Issues Security Alert About Recent DNS Hijacking Attacks (zdnet.com) 113

The U.S. Department of Homeland Security has published today an "emergency directive" that contains guidance in regards to a recent report detailing a wave of DNS hijacking incidents perpetrated out of Iran. ZDNet reports: The emergency directive [1, 2] orders government agencies to audit DNS records for unauthorized edits, change passwords, and enable multi-factor authentication for all accounts through which DNS records can be managed. The DHS documents also urges government IT personnel to monitor Certificate Transparency (CT) logs for newly-issued TLS certificates that have been issued for government domains, but which have not been requested by government workers.

The emergency directive comes after last week, the DHS issued an alert about ongoing DNS hijacking attacks through its US-CERT division. The DHS US-CERT alert was based on a report published last week by U.S. cyber-security firm FireEye. The now infamous report detailed a coordinated hacking campaign during which a cyber-espionage group believed to operate out of Iran had manipulated DNS records for the domains of private companies and government agencies. The purpose of these DNS hijacks was to redirect web traffic meant for companies and agencies' internal email servers towards malicious clones, where the Iranian hackers would record login credentials.

This discussion has been archived. No new comments can be posted.

DHS Issues Security Alert About Recent DNS Hijacking Attacks

Comments Filter:
  • by Anonymous Coward

    Build that firewall and make Iran pay for it!

  • DHS people still working as essential workers through the shutdown. Uncommon sense! Maybe we should take up a collection and send them a pizza.
    • by rtb61 ( 674572 )

      The DHS has no choice but to work, otherwise when they are doing nothing, everyone would realise that is pretty much what they do, nothing, apart from spying on their own, the DHS, brownshirts in waiting. Doing something is hardly sending out propaganda alerts, making claims about IP addresses as if they reflect reality. Take the wild illogic, ohh look, DNS redirected, by the IP, addresses, but wait if you can so readily alter DNS, why are IP addresses so secure, wait they are less secure, interesting. You

  • by WaffleMonster ( 969671 ) on Wednesday January 23, 2019 @12:29AM (#58006144)

    The only problem of import is ability for attackers to record login credentials due to continued use of insecure authentication algorithms.

    What should be an obvious basic fact known to all I'm 100% certain will be totally lost on whoever is not furloughed and responsible for these systems.

    DNS is the problem. Yes insecure DNS providing insecure pointers to insecure network addresses is the problem. It's all DNS... lock that shit down or a disaster will occur. Yep we're all really THAT stupid.

    Personally I blame browser vendors for their persistent refusal to support secure authentication algorithms.

You are always doing something marginal when the boss drops by your desk.

Working...