I noticed this article posted on Tuesday on The Register: http://www.theregister.co.uk/2013/10/08/dns_hijack_attack_spree
which also points to these stories:

http://grahamcluley.com/2013/10/avg-website-palestinian-hackers/
http://grahamcluley.com/2013/10/whatsapp-hacked-offline/

and it appears that earlier the hosting firm LeaseWeb had a similar DNS hijack:

http://blog.leaseweb.com/2013/10/06/statement-on-dns-hijack-of-leaseweb-com-website/

From what I gather from various reports, the first three (AVG, Avira and WhatsApp) seem to be due to the registrar, Network Solutions, accepting a fake password-reset request. As reported in the first grahamcluley article, a spokesperson from Avira said:

----
It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira. Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.
----

If this is the case for all of these, there's nothing that DNSSEC or anything else could have done here, as the attackers are gaining full access to the domain registrant's DNS records and can modify them as they wish.

Dan

--
Dan York
Senior Content Strategist, Internet Society
+1-802-735-1624
Skype: danyork
http://twitter.com/danyork
http://www.internetsociety.org/deploy360/
