Hacking Group 'OurMine' Temporarily Redirected WikiLeaks DNS Service (theguardian.com)
An anonymous reader quotes the Guardian:
WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address. The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.
But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual “hack” appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security. The group appears to have carried out an attack known as "DNS poisoning" for a short while on Thursday morning. Rather than attacking WikiLeaks' servers directly, they have convinced one or more DNS servers...to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.
Colour me surprised! /sarcasm
I'm more interested in the point that the screenshot from the link shows a https link so either the screen shot is fake or they also managed to get hold of a certificate for wikileaks.org
If Nazi websites are being taken down and their domains are being terminated, why do other terrorist organizations like Wikileaks get a double standard? If there ever was a foreign entity trying to meddle in the US election, it was Wikileaks. And yet you people give them a free pass. Seize their domain like you did to the Nazis. And in the interests of fairness, let's point out that liberals demanded that Trump condemn white supremacy after the Charlottesville attacks. Muslims use the same tactic and have a history of driving cars into a bunch of pedestrians to attack them. Next time Muslims commit a terrorist attack, liberals need to condemn Islam. Eliminate these double standards.
Is getting your DNS hacked really inconsequential? Isn't this a means of doing a man in the middle attack? Couldn't you use this as a means to intercept sensitive information or emails or trick users into downloading malicious information/software?
Can any experts answer this?
Allowing their DNS to be poisoned indicates a lack of technical proficiency regardless of whether the breach was their own. There are several easy to implement technologies to prevent this.
They didn't poison the wikileaks DNS servers, they poisoned some ISP's DNS servers AFAIK. The link in the screen shot also depicts a https address so I wonder if this really was accepted by any modern browser?!
Or forget that, they did poison the wikileaks DNS: "An OurMine spokesperson confirmed to the Guardian that the attack was DNS poisoning, carried out through hacking Wikileaks’ domain provider."
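The two scenarios argued over in this thread (one ISP's resolver cache poisoned versus the domain's delegation changed at the domain provider) look different from the outside. This is an added example, not part of any comment here; the domain names, resolver labels and documentation-range IP addresses are constructed, and the parent delegation and resolver answers are assumed to have been collected already.

```python
# Constructed baseline for a hypothetical domain (documentation-range IPs).
BASELINE_NS = {"ns1.dns-host.example", "ns2.dns-host.example"}
BASELINE_A = {"192.0.2.10", "192.0.2.11"}

def classify(parent_ns, resolver_answers):
    """parent_ns: NS names the TLD servers currently delegate the domain to.
    resolver_answers: {resolver: set of A records it returned}.
    Returns (verdict, sorted resolvers whose answers left the baseline)."""
    deviating = sorted(r for r, answers in resolver_answers.items()
                       if not set(answers) <= BASELINE_A)
    if set(parent_ns) != BASELINE_NS:
        # Registry delegation moved: a registrar / domain-provider level change.
        # Resolvers still holding cached records look clean until TTL expiry.
        return "delegation-changed", deviating
    if not deviating:
        return "ok", deviating
    if len(deviating) == len(resolver_answers):
        # Same name servers, different data everywhere: zone content changed.
        return "zone-data-changed", deviating
    # Delegation and most resolvers are fine: one cache is poisoned or tampered.
    return "resolver-cache-anomaly", deviating

# Constructed observations for the two scenarios.
ISP_POISONING = classify(
    BASELINE_NS,
    {"isp-a": {"203.0.113.66"},
     "public-1": {"192.0.2.10"},
     "public-2": {"192.0.2.11"}})

PROVIDER_HIJACK = classify(
    {"ns1.other-host.example", "ns2.other-host.example"},
    {"isp-a": {"203.0.113.66"},
     "public-1": {"203.0.113.66"},
     "public-2": {"192.0.2.10"}})   # still serving a cached record

if __name__ == "__main__":
    print("ISP cache poisoning:", ISP_POISONING)
    print("Domain provider hijack:", PROVIDER_HIJACK)
```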
They support Nazis which is proven by their stand against Trump.
See subject: DNS redirect can be overridden via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script/malware rob speed/security/privacy/bandwidth.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99.999% of ISP DNS != patched vs. it) + DNS requestlog tracking & lighten DNS load & resolve faster from local system RAM!
* Via what u NATIVELY have in the FASTER kernelmode IP stack!
APK
P.S. - CHINA imitated the above to same GOOD effect & more http://www.theregister.co.uk/2...
Correct. Hillary is anti-Internet but pro truth.
Wikileaks doesn't have DNSSEC enabled, so it is trivial to poison caches. Granted, most users are not behind dnssec-validating resolvers, but this is changing...
We should ignore embarrassing info about Hillary.
Trump is worse so we should ignore her connection to Russia. Especially Podesta's.
Podesta has so many connections to Russia, but we should ignore that.
She just recently released a book about the election and is making a lot of money on her tour. I paid $2k to get to talk to her and get her to sign my book.
Her approval of uranium to the Russians was just a wtf.
Hillary is on a book tour. I paid $1,800 to meet her.
They didn't poison the wikileaks DNS servers, they poisoned some ISP's DNS servers AFAIK. The link in the screen shot also depicts a https address so I wonder if this really was accepted by any modern browser?!
If I can convince DNS servers that myserver is the real host of yourdomain, then I can generate an SSL certificate for yourdomain @ myserver - that is how standard domain verified SSL certificates work. They verify that the server referenced by DNS for a given domain is the server you are connected to. Only an EV SSL certificate verifies that the organization behind the website is who they claim to be.
CNN confirmed it is illegal to read that info.
If this were me, I'd log everyone requesting WikiLeaks and redirect most of them to the actual WikiLeaks. Then for those that ordered the secret sauce, some of them would see my own custom version of WikiLeaks (which would probably look just like the actual WikiLeaks, except the "upload leak" button would go to me instead.)
This would probably require some tricky DNS configuration, but it looks like BIND supports this. If they lost control of DNS, a bind configuration like that would make it way trickier to detect, and more useful, than a global redirect of "I captured your flag!!!"
They may not know how to hack WikiLeaks but they sure know how to hack US airliners and crash them into buildings. Don't count them out for being stupid or lazy... terrorists are wily and clever!
9/11 didn't happen because of North Korea, Afghanistan, Iraq, or Iran. The hijackers came from and were supplied from Saudi Arabia.
M
Hillary refuses to release proof of election manipulation since Obama said no serious person believes this. She is standing against Obama.
She never stood against Nazis since she needed their votes.
my work above
Taking credit for functionality built into the standard UNIX stack for decades? Wow. You know that before DNS was a thing, if you wanted nice names you were required to have an up to date hosts file right?
And what CA that my browser trusts are you going to use to sign a domain you don't own?
If I visit wikileaks.org and my browser says do you trust this certificate signed by Anonymous Cowards Snake Oil CA? I'm sure as hell not clicking yes.
Probably easier to set up a reverse proxy. Wikileaks however might get wise when all of their traffic starts coming from a single IP address, or small pool depending on the size of your setup.
Except wikileaks doesn't actually host directly from their IP, they have a variety of redirects set up so that when one gets shut down they're back up shortly on another.
So trying to use a hosts file for them would make it hard to reach much of the time.
What I find most amusing is that APK wants us to abandon a dynamic, decentralized method in favor of using a single trusted source... him. Guess it feeds his ego.
Podesta even admitted he should accuse the other side of what his side is already doing.
We should ignore her book tour.
This. His connections to Russia mean nothing.
The Saudi authority have for a long time performed MITM on the nation's whole population and companies such as Symantec have actively aided them.
If they had deployed DNSSec and I would have advised DANE then this would have been harder to perform.
https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
Top tip: try and enable it on your own domain!
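The DANE check recommended in the comment above, as an added example that is not part of the original post: a client matches the server's certificate against a DNSSEC-validated TLSA record, so a certificate for a different key fails even when a CA issued it. The byte strings are constructed stand-ins for DER data, only usage 3 (DANE-EE) is modelled, and the function names are hypothetical.

```python
import hashlib
import hmac

def parse_tlsa(rdata):
    """Split TLSA presentation-form RDATA: usage selector matching-type hex."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))

def tlsa_matches(rdata, cert_der, spki_der):
    """Check an end-entity certificate against one DANE-EE (usage 3) record.
    spki_der is the SubjectPublicKeyInfo already extracted from cert_der."""
    usage, selector, mtype, data = parse_tlsa(rdata)
    if usage != 3:
        raise ValueError("only usage 3 (DANE-EE) is modelled here")
    if selector not in (0, 1):
        raise ValueError("unknown selector")
    selected = cert_der if selector == 0 else spki_der   # full cert or SPKI
    if mtype == 0:
        candidate = selected                              # exact match
    elif mtype == 1:
        candidate = hashlib.sha256(selected).digest()
    elif mtype == 2:
        candidate = hashlib.sha512(selected).digest()
    else:
        raise ValueError("unknown matching type")
    return hmac.compare_digest(candidate, data)

def dane_verdict(tlsa_rrset, dnssec_validated, cert_der, spki_der):
    """TLSA data only counts when the answer was DNSSEC-validated."""
    if not tlsa_rrset or not dnssec_validated:
        return "no-dane"        # client falls back to ordinary CA validation
    ok = any(tlsa_matches(r, cert_der, spki_der) for r in tlsa_rrset)
    return "dane-ok" if ok else "dane-fail"

# Constructed stand-ins for DER bytes; a real client takes them from the handshake.
SITE_CERT, SITE_SPKI = b"cert-of-site-operator", b"spki-of-site-operator"
OTHER_CERT, OTHER_SPKI = b"dv-cert-for-other-key", b"spki-of-other-key"
RRSET = ["3 1 1 " + hashlib.sha256(SITE_SPKI).hexdigest()]

if __name__ == "__main__":
    print(dane_verdict(RRSET, True, SITE_CERT, SITE_SPKI))
    print(dane_verdict(RRSET, True, OTHER_CERT, OTHER_SPKI))
    print(dane_verdict(RRSET, False, OTHER_CERT, OTHER_SPKI))
```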
That's more than many people paid. She just keeps reliving the last election.
Correct since Trump may have some.
Why make this public? Because Assange hasn't had any attention for a few weeks and his ego wants to be stroked.
Hillary supported Nazis, but we should all ignore that.
See subject: I only claim to have made the best tool for populating them so you can go faster, safer, more reliably (per this article & the one @ the foot of my last post you replied to in how China imitated a feature of my program you supply the data in the favorite sites where you spend most time online) & even a bit more anonymously too!
APK
P.S.=> I was there thru the invention of *NIX onwards & used to be a BIG fan of it but Windows is where I made my career (retired now for a decade++) though so, there you are... apk
See subject: Per this article & again the link @ the bottom of my post you replied to in its 'p.s.' - says it all for me...
APK
P.S.=> I don't have those issues vs. DNS security issues like redirect poisoning (most ISP DNS servers & those of others as well are still not secure vs. the Kaminsky flaw) OR tracking by DNS request logs either - I get to where I spend most time online MORE reliably & faster (vs. redirect poisonings OR dns being down) & I even help lighten DNS loads (bonus) this way using hosts files... apk
And what CA that my browser trusts are you going to use to sign a domain you don't own?
To quote Brianna Keilar: "Most of them?" A lot of CAs offer instantly-issued DV certificates now. All you have to do is place a verification file on the target domain, or create a special A record in the DNS, in order to prove to the CA that you control the domain. If I can manipulate the DNS such that wikileaks.org points at my server (even temporarily), I can get the CA to issue me a valid certificate for wikileaks.org. They're likely to revoke it once the tampering is discovered, but that could be many hours later and your browser will trust it in the meantime.
One possible mitigation is Key Pinning. This can potentially alert users to a certificate mismatch, but only if they've visited that site in the past 30-60 days and their browser knows what the keys for the valid certificate are supposed to look like.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
They both think their version of terrorism is fine and dandy.
See, the Russians know what they're doing is wrong so when they blow up civilians, they lie about it, because they know what they're doing and they know it's wrong and are ashamed to admit it. When the USians do it, they openly state they killed civilians, not lying about it at all, they call it euphemisms like "collateral damage" or "bad intelligence reports", because they know what they did but don't see anything wrong when they do it, and do not see why they have to lie. And ISIS feels the same.
We should ignore Trump's crimes because Hillary has some embarrassing stuff...
Mr. unidentifiable anonymous, what have you done better?
Do I even want to ask just how big your HOSTS file is?
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
(NEED MORE? Ask!)
* It's recommended/hosted by Malwarebytes' hpHosts!
APK
P.S.=> Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ ... apk
Better question to ask is how large will yours be w/ my program populating it for more speed, security, reliability + anonymity online & how current its data is (vs. threats online) - Yours will be roughly 150,000 lines or thereabouts & will be more efficient + ubiquitous in benefits/abilities (for far less) vs. any 1 browser addon & it will be absolutely current vs. threats as is possible from multiple reputable reliable sources in the security community.
APK
P.S.=> My hosts file's MUCH larger but I've been accumulating its data since 1996 or so online as an experiment on how large I can make it before any noticeable performance hits occur (hasn't to date & on a guess as to why? Hosts operate in kernelmode in a proven since 1969 TCP/IP stack (tcpip.sys in Windows device driver driven)).
For you to get there will take, odds are, 20++ yrs. as it did me & you will be as fast as ever (& far more safe + reliably connected online using my program)... apk
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
(NEED MORE? Ask & you're welcome to do better)
* Hosted by Malwarebytes' hpHosts!
APK
P.S.=> Produces a PERFECT result under 5-7 minutes here every time on an Intel Core I7 4790k cpu & 8gb of RAM... apk
Whose DNS was poisoned? How localized was this attack? This is really key. Isn't DNS poisoning done against a LAN, or a single DNS server? It seems that this probably affected a very small number of people. It isn't really even a hack on Wikileaks, it is a hack on some ISP's DNS server. It makes you wonder what other sites they might have changed during that period of time.
We should pretend Trump did something wrong because we don't want to admit Hillary did.
/. is the new covfefe.
All lies! You are a spammer. If you want to advertise your product, go through regular channels. Otherwise fuck off!
Instead, since you are one, you should tell us what it's like to be a homo. Personally, I'm fascinated by the concept. What's it like to be such a deviant? Inquiring minds want to know.
See subject: Again I'll let others speak for my work instead https://it.slashdot.org/comments.pl?sid=11068019&cid=55132037/ - now - Let's see YOU get results like that, ok? (It'll never happen from "your kind", lol - UNIDENTIFIABLE anonymous "ne'er-do-well" do-nothings, like you. Hotair windbag blowhard zeros...)
Takes less time than a system backup (for sure) & filtering off false positives for a PERFECT result guaranteed!
* The longest part, filtering false positives, is that IF/WHEN you want a perfect result (which IS necessary).
APK
P.S.=> Lastly - You're welcome to do BETTER (but you can't & all YOU + "your kind" can do is talk, mere hotair, but no substance OR results that are superior)... apk
See subject: I'll be true to myself & CONTINUE to do as I please, & lmao - YOU & "your kind", UNIDENTIFIABLE anonymous losers can't make me cancel even 1/2 a step... & you KNOW it.
* IF anyone here is a liar, it's you - I'm not gay (but it appears you WISH I was, or, that you are projecting your OWN inner problems onto me).
APK
P.S.=> Your kind? You can't STAND there's folks like myself out there who are able to do good things others like & use - you KNOW that "your kind" (do-nothing "ne'er-do-wells") never will, lol... apk