Hacking Group 'OurMine' Temporarily Redirected WikiLeaks DNS Service (theguardian.com)
An anonymous reader quotes the Guardian:
WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address. The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.
But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual "hack" appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security. The group appears to have carried out an attack known as "DNS poisoning" for a short while on Thursday morning. Rather than attacking WikiLeaks' servers directly, they have convinced one or more DNS servers...to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.
I'm more interested in the point that the screenshot from the link shows an https link, so either the screenshot is fake or they also managed to get hold of a certificate for wikileaks.org.
Allowing their DNS to be poisoned indicates a lack of technical proficiency regardless of whether the breach was their own. There are several easy-to-implement technologies to prevent this.
Wikileaks actually invited hackers to hack its site. So, I do not think that the hackers were malicious. If nothing else, they did Wikileaks a favor. If a bunch of hackers can do this, the NSA (and other intelligence agencies) can do much worse.
Plus, an intelligence service won't attack when it's invited to do so, it will only attack when Wikileaks is about to dump something that is important to them. In this age of short attention spans, timing can be crucial.
The same goes for Wikileaks. Wikileaks chooses to release information when it thinks it will have the most impact (e.g. just before an election, just before a troop redeployment, not during a Super Bowl, not when Beyonce is having twins, etc).
They didn't poison the wikileaks DNS servers, they poisoned some ISPs' DNS servers AFAIK. The link in the screenshot also depicts an https address, so I wonder if this really was accepted by any modern browser?!
Or forget that, they did poison the wikileaks DNS: "An OurMine spokesperson confirmed to the Guardian that the attack was DNS poisoning, carried out through hacking Wikileaks’ domain provider."
Wikileaks doesn't have DNSSEC enabled, so it is trivial to poison caches. Granted, most users are not behind dnssec-validating resolvers, but this is changing...
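The two comments above turn on the same two questions a resolver operator can actually check: did the resolver validate the answer (the AD bit in the DNS header, which a DNSSEC-validating resolver sets only for signed zones), and does the returned address match what the zone owner published? The following is an added example, not code from the article or any commenter: it parses a raw DNS response and classifies it as validated, unvalidated, or pointing at an address outside a known-good set. The domain `example.test`, the addresses and the `KNOWN_GOOD` table are constructed placeholders, not wikileaks.org's real records.

```python
"""Classify a raw DNS A-record response as ok / unvalidated / hijacked.

Added example with constructed input. It builds its own DNS responses for a
placeholder zone (example.test; the addresses are documentation ranges),
parses the wire format, and checks the AD (Authenticated Data) flag and the
returned addresses against an operator-maintained allow-list.
"""
import struct

# Placeholder allow-list: the addresses the operator expects for the name.
KNOWN_GOOD = {"example.test": {"192.0.2.10", "192.0.2.11"}}

AD_FLAG = 0x0020  # Authenticated Data bit in the DNS header flags word


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(name: str, addrs, ad: bool, txid: int = 0x1234) -> bytes:
    """Construct a minimal DNS A-record response (test input only)."""
    flags = 0x8180 | (AD_FLAG if ad else 0)      # QR=1, RD=1, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for a in addrs:
        rdata = bytes(int(o) for o in a.split("."))
        # 0xC00C is a compression pointer back to the name in the question
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answers


def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                # compression pointer
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped = True
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), end


def parse_response(msg: bytes):
    """Return (authenticated, qname, [A-record addresses]) from a response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, qname = 12, None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                 # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return bool(flags & AD_FLAG), qname, addrs


def assess(msg: bytes) -> str:
    """'ok' = validated and expected; 'unvalidated' = no AD bit; 'hijacked' = unexpected address."""
    ad, qname, addrs = parse_response(msg)
    expected = KNOWN_GOOD.get(qname, set())
    if not set(addrs) <= expected:
        return "hijacked"   # answer points where the operator never published
    return "ok" if ad else "unvalidated"


if __name__ == "__main__":
    samples = {
        "good": build_response("example.test", ["192.0.2.10"], ad=True),
        "stale": build_response("example.test", ["192.0.2.11"], ad=False),
        "bad": build_response("example.test", ["198.51.100.7"], ad=False),
    }
    for label, m in samples.items():
        print(label, assess(m))
```

The "unvalidated" outcome is the common case the comment describes: with no DS record at the parent, even a validating resolver cannot set AD, so a spoofed cache entry and a genuine one look identical to the client. The allow-list comparison is a monitoring check the zone owner can run from several vantage points; it catches a redirected answer regardless of how the resolver was convinced.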
"America's war's and terrorism other than the terrorists manage to kill a lot fewer "
That's because the Americans are a lot more dangerous than any Muslim terrorist group could ever hope to be. The number one thing foreign countries or terrorist groups should never do is do anything that would really piss off the US public. Pissing off regular US citizens has never really paid off very well for those that did. Japan's attack on Pearl Harbor killed less than 5000 people, but this singular event put the US on the path to becoming the most powerful country on the planet. Before this attack the US had a military that did not even rank in the top 10 of most powerful militaries on the planet. The vast majority of US citizens were against the US entering WW2. This attack spurred the greatest build-up of military might ever seen. The US was stronger after the war than before it, and the military build-up started by that one attack has never stopped.
The 9/11 attack angered enough of the US public who turned around and basically gave the government a blank check with orders to go kill someone or blow something up.
There is a sizeable population in the US who would welcome a foreign invader for the chance of showing the world what a real insurgency looks like. The US civilian population is better armed than most foreign countries. ME terrorist groups may have IEDs made using unexploded ordnance and cell phones, but the US "resistance" groups would be churning out small-yield nuclear devices by the truckload.
The only problem is that the US, in every conflict after WW2, has never finished the job. The whole rationale for going to war is to kill and destroy the enemy until they are all dead and the only thing left to bomb is rubble. You should go to war if you are willing to do what is necessary to win. There has never been a war throughout human history where civilians did not die. The key to preventing civilian deaths is for the armed fighters to surrender or die. The faster this happens, the lower the civilian casualty count will be. Acting all indignant or surprised about waging war is not going to stop the carnage. Humans have been fighting and killing one another ever since there were enough of us around to pick sides and fight over the biggest caves and most women.
Because they don't actively adopt, encourage, and support a Nazi ideology? Or racist or religious hate in general? There's no double standard - one group actively goes way over any reasonable line, and the other at worst tolerates borderline postings by others -- if even that.
Nobody seized a domain. DailyStormer was free to transfer their domain to any registrar that would take it. They simply failed to find a taker. Look up the whois record yourself.
Damn people for expecting their political leadership to condemn domestic terrorism and groups that endorse it through bullshit like "rahowa."
Conservatives already do it. Liberals will not because, as they explain over, and over, and over again, you can no more blame Islam and Muslims for those attacks than you can blame Christianity and Southern Baptists. You need to be a bit more specific, like blaming Nazis and ISIS.
Pretty sure liberals have been blaming ISIS. So suck it.
If this were me, I'd log everyone requesting WikiLeaks and redirect most of them to the actual WikiLeaks. Then for those that ordered the secret sauce, some of them would see my own custom version of WikiLeaks (which would probably look just like the actual WikiLeaks, except the "upload leak" button would go to me instead.)
This would probably require some tricky DNS configuration, but it looks like BIND supports this. If they lost control of DNS, a bind configuration like that would make it way trickier to detect, and more useful, than a global redirect of "I captured your flag!!!"
The Saudi authorities have for a long time performed MITM on the nation's whole population, and companies such as Symantec have actively aided them.
If they had deployed DNSSEC (and I would have advised DANE), then this would have been harder to perform.
https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
Top tip: try and enable it on your own domain!
And what CA that my browser trusts are you going to use to sign a domain you don't own?
To quote Brianna Keilar: "Most of them?" A lot of CAs offer instantly-issued DV certificates now. All you have to do is place a verification file on the target domain, or create a special A record in the DNS, in order to prove to the CA that you control the domain. If I can manipulate the DNS such that wikileaks.org points at my server (even temporarily), I can get the CA to issue me a valid certificate for wikileaks.org. They're likely to revoke it once the tampering is discovered, but that could be many hours later and your browser will trust it in the meantime.
One possible mitigation is Key Pinning. This can potentially alert users to a certificate mismatch, but only if they've visited that site in the past 30-60 days and their browser knows what the keys for the valid certificate are supposed to look like.
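The comment above states the limit of key pinning precisely: a pin only helps a browser that learned it on an earlier visit and whose cached copy has not aged out, and a DV certificate issued to whoever controls DNS is otherwise fully trusted. The following is an added example, not code from the article or any commenter, showing that decision logic in HPKP's pin format (base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo, per RFC 7469). The hostname and the SPKI byte strings are constructed placeholders, not real certificate material.

```python
"""Pin-check decision logic with freshness, in HPKP's pin format.

Added example with constructed input. A real client hashes the DER
SubjectPublicKeyInfo of each certificate in the served chain; here the SPKI
bytes are placeholder strings so the example runs without any certificate.
"""
import base64
import hashlib
from dataclasses import dataclass


@dataclass
class PinCache:
    host: str
    pins: set          # base64 SHA-256 SPKI hashes the site advertised earlier
    learned_at: float  # epoch seconds when the pin header was last seen
    max_age: int       # seconds the header asked the client to remember them


def spki_pin(spki_der: bytes) -> str:
    """HPKP pin: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def check_pin(cache, host: str, chain_spkis, now: float) -> str:
    """Return the outcome a pin-aware client would reach for this connection.

    'no-pin'   : first visit (or another host); nothing to compare against.
    'expired'  : pin aged out; any CA-trusted certificate is accepted.
    'match'    : some key in the served chain is one the site pinned.
    'mismatch' : CA-valid chain, but none of its keys were pinned by the site.
    """
    if cache is None or cache.host != host:
        return "no-pin"
    if now > cache.learned_at + cache.max_age:
        return "expired"
    if any(spki_pin(spki) in cache.pins for spki in chain_spkis):
        return "match"
    return "mismatch"


def learn_pins(host: str, chain_spkis, max_age: int, now: float) -> PinCache:
    """Record pins the way a client does on a successful, un-pinned visit."""
    return PinCache(host, {spki_pin(s) for s in chain_spkis}, now, max_age)


if __name__ == "__main__":
    DAY = 86400
    real_key = b"constructed-spki-of-the-legitimate-server"   # placeholder
    rogue_key = b"constructed-spki-of-a-freshly-issued-dv-cert"  # placeholder
    cache = learn_pins("example.test", [real_key], max_age=60 * DAY, now=0.0)
    print(check_pin(cache, "example.test", [real_key], now=10 * DAY))   # match
    print(check_pin(cache, "example.test", [rogue_key], now=10 * DAY))  # mismatch
    print(check_pin(cache, "example.test", [rogue_key], now=61 * DAY))  # expired
    print(check_pin(None, "example.test", [rogue_key], now=10 * DAY))   # no-pin
```

The "expired" and "no-pin" branches are the window the comment describes: a visitor whose browser never stored the pin, or stored it more than `max_age` ago, sees only a CA-valid certificate and connects. DANE (TLSA records) closes the same gap from the DNS side, but only where the zone is DNSSEC-signed and the client validates it.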
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Whose DNS was poisoned? How localized was this attack? This is really key. Isn't DNS poisoning done against a LAN, or a single DNS server? It seems that this probably affected a very small number of people. It isn't really even a hack on Wikileaks, it is a hack on some ISP's DNS server. It makes you wonder what other sites they might have changed during that period of time.