Slashdot Mirror


Hacking Group 'OurMine' Temporarily Redirected WikiLeaks DNS Service (theguardian.com)

An anonymous reader quotes the Guardian: WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address. The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual "hack" appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security. The group appears to have carried out an attack known as "DNS poisoning" for a short while on Thursday morning. Rather than attacking WikiLeaks' servers directly, they have convinced one or more DNS servers...to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.

2 of 83 comments

  1. No DNSSEC, what did they expect? by Anonymous Coward · Score: 3, Informative

    Wikileaks doesn't have DNSSEC enabled, so it is trivial to poison caches. Granted, most users are not behind dnssec-validating resolvers, but this is changing...

  2. no DNSSEC so expect MITM by johnjones · Score: 3, Informative

    The Saudi authority have for a long time performed MITM on the nation's whole population, and companies such as Symantec have actively aided them.

    If they had deployed DNSSEC, and I would have advised DANE, then this would have been harder to perform.

    https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en

    Top tip: try and enable it on your own domain!
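
Added example, not part of the thread: both comments turn on whether a zone is signed and whether the resolver in use validates DNSSEC. This Python sketch builds a query that sets the EDNS0 DO bit and reads the AD flag and RRSIG records from a reply. The function names, sample domains and the two constructed replies are assumptions for illustration, so it runs offline.

```python
import struct

AD, DO = 0x0020, 0x8000          # header "authenticated data" flag; EDNS0 "DNSSEC OK" flag
TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid=0x1234):
    """A-record query with RD set and an OPT record whose DO bit requests DNSSEC data."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, DO, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:       # a compression pointer ends the name
            return off + 2
        off += 1 + n

def dnssec_status(msg):
    """Report whether the resolver validated the answer (AD) and whether RRSIGs came back."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return {"validated": bool(flags & AD), "signed": TYPE_RRSIG in types, "rcode": flags & 0xF}

def sample_response(name, flags, answers):
    """Constructed reply for offline use; rdata bytes are placeholders, not real records."""
    msg = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    for rtype, rdata in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

# Constructed samples: a validated, signed answer and a plain unsigned one.
SIGNED = sample_response("signed.example", 0x81A0, [(TYPE_A, bytes(4)), (TYPE_RRSIG, bytes(24))])
UNSIGNED = sample_response("unsigned.example", 0x8180, [(TYPE_A, bytes(4))])
```

The AD flag is only as trustworthy as the path to the resolver that set it, so a client on an untrusted network needs a local validating resolver or an authenticated channel to one.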