Slashdot Mirror


Iranian Hackers Suspected in Worldwide DNS Hijacking Campaign (zdnet.com)

US cybersecurity firm FireEye has uncovered an extremely sophisticated hacking campaign during which a suspected Iranian group redirected traffic from companies all over their globe through their own malicious servers, recording company credentials for future attacks. From a news report: Affected organizations include telecoms, ISPs, internet infrastructure providers, government, and sensitive commercial entities across the Middle East, North Africa, Europe, and North America. FireEye analysts believe an Iranian-based group is behind the attacks, although there is no definitive proof for exact attribution just yet. Researchers said the entities targeted by the group have no financial value, but they would be of interest to the Iranian government.

47 comments

  1. The enemy du jour by fustakrakich · · Score: 0

    People actually believe this stuff? Don't answer, rhetorical question. Just curious...

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:The enemy du jour by fustakrakich · · Score: 1

      "no definitive proof"

      Hey! Good enough for me! Hang the bastards, right??

      This is sick! "no definitive proof", but let's put it in the headline anyway. Sells more papers. The entire "news" scene has become tabloid gossip!

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:The enemy du jour by haruchai · · Score: 1

      "no definitive proof"

      Hey! Good enough for me! Hang the bastards, right??

      This is sick! "no definitive proof", but let's put it in the headline anyway. Sells more papers. The entire "news" scene has become tabloid gossip!

      Read the article. It may not be "definitive" but it's well beyond merely plausible

      --
      Pain is merely failure leaving the body
    3. Re: The enemy du jour by Anonymous Coward · · Score: 0

      Calm down Francine. You have some vested interest in defending Russians or Iranians? You're acting suspicious and getting defensive.

    4. Re:The enemy du jour by Anonymous Coward · · Score: 0

      Why, do you have compelling evidence that the story is false? If not, go fuck yourself for pretending.

    5. Re: The enemy du jour by Anonymous Coward · · Score: 0

      Oops

    6. Re:The enemy du jour by Anonymous Coward · · Score: 0

      People actually believe this stuff? Don't answer, rhetorical question. Just curious...

      Obviously everyone should believe you rather than any other source, at least that's how it is in the fantasy world you've constructed in which your life matters.

      You're in for a life of disappointment and frustration, son. You see, a prole like you doesn't matter any more than an ant which is crushed by the tracks of a tank. You're not even noise in the background in the equation of world events. The sooner you get used to this truth and accept it, the sooner you will have a chance to be happy and quit whining.

    7. Re:The enemy du jour by fustakrakich · · Score: 1

      it's well beyond merely plausible

      Only by an appeal to authority.

      --
      “He’s not deformed, he’s just drunk!”
    8. Re:The enemy du jour by Anonymous Coward · · Score: 0

      Damn! the chickenhawks speak up! And moderate!!

      FYI: The burden of proof is on the prosecutor, absence of real public cross examination verifies nothing...

    9. Re: The enemy du jour by Anonymous Coward · · Score: 0

      Well, everybody knows the best defence is a good offence.

      So, you suck, AC, you utterly totally suck. What am I saying, you fucking suck, you apple-toting hipster, you.

      There. Now it can't have been the Iranians or the Russians.

  2. redirected traffic all over their globe by Megahard · · Score: 1

    So those of us on a different globe are not affected?

    --
    I eat only the real part of complex carbohydrates.
    1. Re:redirected traffic all over their globe by Anonymous Coward · · Score: 0

      Almost, it's not a globe. The Earth is clearly flat. Lies within lies.

    2. Re:redirected traffic all over their globe by Anonymous Coward · · Score: 0

      No worries, like all politicians, those living on a different world are isolated from this problem.

  3. But Obama told us... by Anonymous Coward · · Score: 0

    ... that Iran were the good guys. He even proved it by giving them $400M in cash!

    1. Re:But Obama told us... by Mr. Dollar Ton · · Score: 1

      Well, a Saint Ronald made a deal with them once upon a time to hold some hostages a few months more, until he'd won an election. And then sold them advanced weaponry against the law.

  4. The only actually interesting blurb : by Anonymous Coward · · Score: 0

    "While the precise mechanism by which the DNS records were changed is unknown, we believe that at least some records were changed by compromising a victim's domain registrar account,"

  5. When Republicans lie, keep the noose ready. by Anonymous Coward · · Score: 3, Informative

    When Republicans lie, all they effectively do is make their tiny penis just that much shorter. There are few males left. FYI that was Iran's money that the US had taken illegally and was compelled to give back by a court, in fact, and the way Obama got them to agree to the payment WITHOUT INTEREST was very much in the US best interest as it saved billions in EXTRA money that would have been paid to Iran. So yes, thanks Obama.

    TLDR, basically Republicans are faggots who lie about everything.

    1. Re:When Republicans lie, keep the noose ready. by guruevi · · Score: 0

      Explains all the leftists having to change gender (and literally invert their penis) then.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:When Republicans lie, keep the noose ready. by Anonymous Coward · · Score: 0

      What about the hundreds of billions that Iran owes the US for assets seized, damages done, injuries... all of which was still pending? That money was being held until the money Iran owed the US was settled, which is part of why the US Congress passed a law specifically forbidding the government from transferring funds to Iran.
      Also, the transferred funds did include interest, and lots of it.

      TLDR, you are a lying, ignorant buffoon that is obsessed with Republican dick, because it's the only dick you've ever seen.

    3. Re:When Republicans lie, keep the noose ready. by Anonymous Coward · · Score: 0

      Find a new insult, man. You're being a bigoted asshole, and it's not fair to liken republicans to the gay community.

  6. Isn't this ironic, due to the shutdown and certs.. by ctilsie242 · · Score: 4, Informative

    This is timely. Right now, because of the shutdown, there are a lot of government domains whose certs are not being renewed, because there are no sysadmins able to renew them. So, with an expired cert, all it takes is a DNS attack to redirect someone from foo.gov to foo.ir, as the user is almost certainly not going to examine the cert and manually check its pedigree and dates.

    This is going to cause grave security concerns going forward.

  7. FireEye suspects Iranian group? by najajomo · · Score: 2

    FireEye, is this the same shower that provided security to Equifax:

    Equifax back FireEye for hacker defence:

    “We have this category that Equifax calls unhandled malware, [with] which traditional security approaches haven’t been very helpful. Putting in FireEye has really helped us detect this unhandled malware, then gives us the capability to take action to stay secure.” link

    1. Re:FireEye suspects Iranian group? by Anonymous Coward · · Score: 0

      FireEye is a decent security company, saying that Equifax using their product means that they're shit is just retarded.

    2. Re:FireEye suspects Iranian group? by Mr. Dollar Ton · · Score: 1

      Yeah, it is, like, an outfit that is totally independent from government influence, and they are totally not twisting anything on government behalf.

      https://venturebeat.com/2009/1...

  8. Re:Can't harm you when you avoid DNS... apk by Anonymous Coward · · Score: 0

    That actually would not stop this attack. Sorry!

  9. Impeach and hang the traitor. by Anonymous Coward · · Score: 0

    Bingo. Trump's "security concern" about the border (in fact 7 TIMES more terrorist suspects enter at the northern border, but forgetting that for now..) has caused massive security VULNERABILITIES across the board.

    Impeach and hang the traitor.

  10. hahhaha i dont use dns by Anonymous Coward · · Score: 0

    hahhaha i dont use dns

  11. Why not? apk by Anonymous Coward · · Score: 0

    It's an attempt @ redirecting DNS (near same as Kaminsky poisoning flaw does) & if you hardcode proper IP address to hostname in hosts, you not only RESOLVE IT FASTER vs. remote or even local DNS, but you also get there NON-REDIRECTED & where you intended to do (not a malicious doppelganger site OR otherwise non-genuine site).

    * I.E. - You get where you INTENDED to get to - not some BOGUS alternate due to redirected/poisoned DNS...

    APK

    P.S.=> Doing hosts the way my program does allows that & protects vs. threats galore + speeds you up 2 ways, natively (vs. "Bolt-on-'MoAr'" ILLOGIC-LOGIC "solutions" full of security issues I noted in the post you replied to) + avoids DNS requestlog tracking too... apk

  12. Re:Can't harm you when you avoid DNS... apk by Anonymous Coward · · Score: 0

    Ever wonder why APK always posts as an AC?

    Well, it's because APK is a Chinese hacker, and is actually the one responsible for this attack!

    APK Hosts File Engine reroutes all your traffic to Russia, China, and Iran!!

  13. Unidentifiable AC stalker of me says that? by Anonymous Coward · · Score: 0

    Unidentifiable AC stalker of me says what YOU did? Please - lmao! I'm NOT 'the bad guy' (to quote Ben Affleck's Daredevil rendition) & be GLAD I'm not - since IF I were? Believe you me - I'd be writing stuff that would BLOW AWAY any threats being done out there now - by far...

    * I don't DO "bogus" crap though & why? The internet itself really - in my 1/2 century++ of existence, it's one of, if not THE coolest thing I've ever seen done in my lifetime (great learning tool more than ANYTHING imo).

    APK

    P.S.=> I wrote the 1st model of this program in 2001 (some old utilities I wrote still have that model (sucked vs. this version imo)) & didn't get 'serious' about it until 2010 or so when things got REALLY "stupid" out there & it's worse now so, it was needed (to help stop the 'spread of the disease' so-to-speak))... apk

  14. Re:Isn't this ironic, due to the shutdown and cert by fustakrakich · · Score: 1, Funny

    Not to worry. Give him another 5 bil, and he'll give you a glorious new concrete fireWall!

    --
    “He’s not deformed, he’s just drunk!”
  15. Guruevi is an admitted pedo. by Anonymous Coward · · Score: 0

    Guruevi is an admitted pedo. Remember that every time he speaks. (Look in his comments 6 months ago, see for yourself)

  16. US cybersecurity firm by Anonymous Coward · · Score: 0

    And how can we know FireEye had not received an NSL telling them to lie about this?

    By the same logic that US is blocking Huawei, every US company is only one NSL away from being an extension of the US military and intelligence service. Nothing coming from any US firm can be trusted when it comes to anything related to Iran, Russia, China, etc.

    1. Re:US cybersecurity firm by Anonymous Coward · · Score: 0

      And how do we know that China or Iran hasn't planted you here to write that crap?

      How. Do. We. Know.

  17. Quote BLADE from Blade 1... apk by Anonymous Coward · · Score: 0

    See subject & "Remember what we told you" https://tech.slashdot.org/comm... "you keep your eyes open: They're EVERYWHERE..."

    * :)

    APK

    P.S.=> "The world you live in is just a sugar-coated topping - there is ANOTHER WORLD, beneath it - & IF you want to SURVIVE IT, you'd better LEARN to PULL the TRIGGER!"... apk

  18. Quote BLADE from Blade 1... apk by Anonymous Coward · · Score: 0

    See subject & "Remember what we told you" https://tech.slashdot.org/comm... "you keep your eyes open: They're EVERYWHERE..."

    * "There's a war going on out there. Blade, myself & a few others try to keep it from spilling onto the streets - You have to understand: They're everywhere. We hunt 'em you see, tracking their migrations. They're hard to kill, they tend to regenerate..." - Abraham Whistler

    APK

    P.S.=> "The world you live in is just a sugar-coated topping - there is ANOTHER WORLD, beneath it - THE REAL WORLD, & IF you want to SURVIVE IT, you'd better LEARN to PULL the TRIGGER!"... apk

  19. To whoever downmodded me? apk by Anonymous Coward · · Score: 0

    "You'll hunt me. You'll condemn me. Set the dogs on me" Batman from "The Dark Knight" (& you'll FAIL)...

    * "Sometimes, people deserve to have their FAITH REWARDED" per https://tech.slashdot.org/comm...

    Host-domain use in malware's down & I think what I did helped that per https://unit42.paloaltonetwork...

    (Especially all you "Lucius Fox" types - as I make not only malware threats go away but I make trackers & YES DNS REDIRECTS disappear too (right from that scene in the film by analogy))

    (MY FAITH IS REWARDED by that ACT OF FAITH on my part)

    "He didn't do anything wrong" - Jamie Gordon "The Dark Knight"!

    APK

    P.S.=> Any of you with talent/skills should be doing the SAME & Make a Wheel https://isc.sans.edu/forums/di... as I did multiplatform - it's EXACTLY mostly for those who you speak of... apk

    1. Re: To whoever downmodded me? apk by Anonymous Coward · · Score: 0

      I modded down your spam post. I didn't read this post of yours, either.

      SPH

    2. Re: To whoever downmodded me? apk by Anonymous Coward · · Score: 0

      You read it and realize you can't measure up to the challenge it presents to a no talent under-educated unskilled moron like yourself.

  20. Triple whammy of "respect my authoritay" by Anonymous Coward · · Score: 0

    It's a "computer security" imperial textile shop well known for shouting "hackers! hacking! with hacks!" in its press releases, a press release copy/pasted by an imperial textile "news" website also well known for shouting "hackers! hacking! with hacks!", and it's about "state-run hackers! with state-hacks! cyber state-backed cyber hacking!"

    And of course msmash would be the first to post this.

  21. Re:Isn't this ironic, due to the shutdown and cert by sheramil · · Score: 1

    Dare I say it... collusion?

  22. Re: Usa Loves Torturous Dictators by Anonymous Coward · · Score: 0

    You backed the Shah. You done fucked up.

    The only debt owed from the Iranian Revolution is an APOLOGY from the American President for supporting the murderous Shah regime.

  23. Re: You've EXPORTED Terror to Canada You Faggots by Anonymous Coward · · Score: 0

    But keep deluding yourself with Foxnews you mouthbreathing faggot.

  24. Can't harm you if you avoid DNS... apk by Anonymous Coward · · Score: 0

    See subject (+ DNS tracking & security issues like Kaminsky redirect poisoning 95++% of ISP dns aren't patched vs): I do for my TOP 100 fav sites I hardcode @ TOP of hosts files (for fastest possible local RAM based resolution speed along w/ blocking ads, infectors, malware, phishmail payload links, & malcript, etc. - et al) via:

    APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)

    APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)

    * Soon for MacOS (just got a NEW Mac-Mini to port it there)

    APK

    P.S.=> Accept NO substitutes (especially INFERIOR competitors in 'solutions' FULL of security issues (DNS/Antivirus OR 'souled-out' to NOT work by default (like adblock & other easily detected & nullified browser addons that DO LESS & yet USE MORE)))... apk