Question 37: What is DNS hijacking and how does it work?

I have a question ...

DNS hijacking is the redirection of DNS queries: the attacker arranges for a victim's name lookups to be answered by a server under their control, or tampers with the answers a legitimate server gives. It may be accomplished through malicious software that changes a client's resolver settings, or through unauthorized modification of a DNS server. Once the attacker controls name resolution, they can send users who try to reach a site to a look-alike page that carries extra content such as advertisements, to pages that serve malware, or to a third-party search engine.

ISP hijacking

DNS hijacking is also done by some Internet service providers, such as Comcast, to send users to the ISP's own search page when they request a domain that no longer exists: instead of returning an NXDOMAIN error, the ISP's resolver answers with the address of its search page. Many claim this improves the user's experience; it is also a good source of extra revenue, since the ISP controls the page and gets paid for advertisement clicks. At the time of writing there are no laws against an ISP doing this to its users.

How does DNS hijacking work?

As mentioned above, DNS is the system responsible for mapping user-friendly domain names to their corresponding IP addresses. The DNS server (resolver) your computer uses is usually owned and maintained by your Internet service provider (ISP), although many private organizations run their own. By default your computer is configured to use the ISP's resolver; in some cases it may use the DNS service of another reputable organization such as Google. In this normal case your queries go to a resolver you chose, and everything works as expected.


Now imagine that a hacker or a malware program gains unauthorized access to your computer and changes its DNS settings, so that your computer now uses a rogue DNS server owned and maintained by the attacker. That rogue server can translate the domain names of valuable websites (banks, search engines, social networking sites, etc.) to the IP addresses of malicious websites. As a result, when you type a site's URL into the address bar, you may be taken to a fake website instead of the one you intended, for example one built to capture whatever you type into it. This can put you in deep trouble!
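The two symptoms described above (a rogue resolver configured on the client, and answers that differ from what a trusted resolver returns, including an address for names that should not exist) can be checked mechanically. The following is an added example, not code from the original post: it runs offline against constructed data, with the resolvers modelled as plain callables and the network names, addresses and resolv.conf contents invented for illustration.

```python
"""Added example (not from the original post): checks for the DNS-hijacking
symptoms described above, run here against constructed data."""
import ipaddress
import secrets
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# A resolver is any callable that maps a hostname to an IPv4 address string,
# or returns None when the name does not exist (NXDOMAIN).
Resolver = Callable[[str], Optional[str]]


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def unexpected_resolvers(servers: Iterable[str], allowed: Iterable[str]) -> List[str]:
    """Flag nameservers outside the networks the machine's owner expects to use.

    A malware-installed rogue resolver usually shows up as an address that
    belongs to neither the ISP nor a public resolver you chose yourself."""
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    flagged = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:                        # not an IP address at all: suspicious
            flagged.append(server)
            continue
        if not any(addr in net for net in allowed_nets):
            flagged.append(server)
    return flagged


def compare_answers(configured: Resolver, trusted: Resolver,
                    names: Iterable[str]) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Return the names for which the configured resolver's answer differs from
    a trusted resolver's answer, as {name: (configured, trusted)}."""
    mismatches = {}
    for name in names:
        got, expected = configured(name), trusted(name)
        if got != expected:
            mismatches[name] = (got, expected)
    return mismatches


def nxdomain_redirected(configured: Resolver, zone: str = "example.com",
                        label: Optional[str] = None) -> bool:
    """True if a random name that certainly does not exist still gets an
    address: the signature of ISP-style NXDOMAIN redirection."""
    label = label or "nx-" + secrets.token_hex(6)
    return configured(f"{label}.{zone}") is not None


# --- Constructed sample data; none of these addresses are real measurements ---
SAMPLE_RESOLV_CONF = """
# written by a hypothetical DNS-changing malware sample
nameserver 10.0.0.53
nameserver 203.0.113.9
"""
ALLOWED_RESOLVER_NETS = ["10.0.0.0/8", "8.8.8.8/32", "8.8.4.4/32"]   # assumed ISP range + Google

TRUSTED_TABLE = {"bank.example": "198.51.100.10", "search.example": "198.51.100.20"}
ROGUE_TABLE = {"bank.example": "203.0.113.66", "search.example": "198.51.100.20"}


def trusted_resolver(name: str) -> Optional[str]:
    return TRUSTED_TABLE.get(name)


def rogue_resolver(name: str) -> Optional[str]:
    # The rogue server answers every name: the bank is sent to a phishing host,
    # and unknown names get an advertising page instead of NXDOMAIN.
    return ROGUE_TABLE.get(name, "203.0.113.80")


def run_checks() -> Dict[str, object]:
    """Run all three checks against the constructed data."""
    servers = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    return {
        "unexpected_resolvers": unexpected_resolvers(servers, ALLOWED_RESOLVER_NETS),
        "mismatched_answers": compare_answers(rogue_resolver, trusted_resolver,
                                              list(TRUSTED_TABLE)),
        "nxdomain_redirected": nxdomain_redirected(rogue_resolver),
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

For a live check, `socket.gethostbyname` can stand in for the configured (system) resolver, but asking a specific trusted server requires a DNS library such as dnspython. Two caveats a practitioner will hit: sites behind a CDN legitimately return different addresses from different resolvers, so compare only names with stable addresses (or compare the owning network rather than the exact IP), and a clean resolv.conf says nothing about a hijacked home router or ISP resolver upstream, which only the answer comparison catches.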

Sources: GoHacking, Computer Hope

U.S. Blames China for Massive Hack Attack

Four million U.S. government workers have been hit by a cyber breach, Washington revealed on Friday, June 5. According to a cybersecurity expert advising the U.S. government, this vast attack on the federal government appears designed to build a large database, possibly in preparation for future attacks by China against the U.S.

The breach was initially thought to have affected the Office of Personnel Management and the Department of the Interior, but government officials said the hackers hit nearly every federal agency. An assessment continues, and it is possible that millions more government employees are affected. The stolen information included Social Security numbers and performance evaluations.

Historically …

The "cyber-intrusion" was detected in April, but according to officials who spoke to the Washington Post on condition of anonymity, the operation began in December, just as the personnel management office was putting new security procedures in place.

Failure to update software behind federal data breach…

The cybersecurity experts added that some government agencies have not been following the government's own best practices for cybersecurity, such as keeping operating systems updated with the latest protections.

Security researchers have pointed to a cyber tool, or family of malicious software, called Derusbi that has been linked exclusively to Chinese actors.

Chinese Cyber espionage…

According to analysts and experts, other Chinese entities, including the military, may also be involved in the campaign. Chinese government hackers "are like a vacuum cleaner" in sucking up information electronically: "They're becoming much more sophisticated in tying it all together. And they're trying to harm us."

China dismissed the allegation of hacking as "irresponsible and unscientific." Chinese Foreign Ministry spokesman Hong Lei said Beijing wanted to cooperate with other nations to build a peaceful and secure cyberspace: "We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation."

The big-data approach being taken by the Chinese might seem to mirror techniques used abroad by the NSA, which has come under scrutiny for its data-gathering practices under executive authority. But in China, the authorities do not tolerate public debate over the proper limits of large-scale spying in the digital age.

EINSTEIN Detection System…

Employees of the legislative and judicial branches and uniformed military personnel were not affected.

The federal personnel office learned of the data breach after it began to toughen its cybersecurity defenses. When it discovered malicious activity, authorities used a detection system called EINSTEIN to unearth the breach in April, the Department of Homeland Security said. A month later, the agency learned that sensitive data had been compromised. The FBI is investigating what led to the breach.

Sources: CNN, Washington Post

Deep Web: Virtual to Reality (Ross Ulbricht)


Ross Ulbricht, the founder of the Silk Road online drug marketplace, was sentenced on Friday, May 29 to life imprisonment by a court in New York. He was known on Silk Road under the pseudonym "Dread Pirate Roberts" or "DPR". According to FBI information, Ulbricht had moved to San Francisco. A graduate with a master's degree in materials science from Pennsylvania State University, the young man controlled the site's servers and infrastructure, ran a small "customer service" operation, and managed a small team of administrators.

Silk Road …

"Great quality for heroin smashes". This is the type of ad you could find on Silk Road. Silk Road, also called "the eBay of drugs", was built on anonymity: the site was hidden in the deep web as a Tor hidden service, reachable only through the decentralized relay network that conceals the addresses of both users and server. Launched in 2011, Silk Road let its users sell or buy almost any product, including drugs. Credit cards and PayPal accounts were prohibited, since they would reveal user identities. Purchases were paid for in the virtual currency bitcoin, which the site relied on for confidentiality: the seller did not know who the buyer was, and the only information revealed was the delivery address. (Bitcoin is in fact pseudonymous rather than anonymous: every transaction is recorded on a public ledger, even though it is not tied to a name.)

According to the FBI, between February 2011 and July 2013 the site handled nearly 1.2 million transactions totalling almost 9.5 million bitcoins, which U.S. authorities valued at close to $1.2 billion. Silk Road levied a commission on each payment, estimated over the same period at 600,000 bitcoins, or about $80 million, a sum that financed the operation of the site and the small team that ran it.

FBI Investigations  …

In July 2013 the FBI identified a server located abroad that hosted Silk Road. Through cooperation with local authorities, U.S. investigators obtained an image of the server and gained access to the private messages exchanged on the site. To identify the creators of Silk Road, the FBI and other U.S. agencies then looked for the earliest traces of online promotion of the site, including on forums. That is how investigators found two messages from a certain "altoid", which led them, by cross-checking, to a WordPress blog linked to a Gmail address. It belonged to Ross William Ulbricht, the site's founder.

Bad Configuration – Tor's Mechanism…

To identify and locate Silk Road, the FBI simply exploited a flaw in the configuration of Silk Road's home page. Connecting as an ordinary client and analyzing the traffic between the FBI's computers and Silk Road's, FBI Special Agent Christopher Tarbell noticed that one IP address sent by the server while validating the connection did not match any known Tor relay. He then looked up the location of that "ordinary" IP address, a very simple operation, and found that it led to a commercial hosting provider in Iceland.

To support an explanation that seems almost too simple, Agent Tarbell refers to the user guide published by Tor's designers. It explains that to "Torify" an application (for example a shop site) a strict procedure must be followed; otherwise the server's real IP address remains visible, and routing the traffic through Tor relays conceals nothing.

Later, after reading Ross Ulbricht's private messages, the FBI discovered that he was aware of this flaw in his system. But apparently he had read the manual less carefully than Agent Tarbell, and had failed to fix it properly…
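The "strict procedure" referred to above boils down to one rule for the hosting side: the application behind a hidden service must be reachable only from the Tor daemon on the same host, never on the machine's public address. The following is an added example, not code from the original post or from the Tor Project: a small audit that reads torrc `HiddenServicePort` lines and nginx/Apache `listen` directives and flags anything bound off loopback. The torrc, the nginx fragments, the paths and the port numbers are constructed for illustration.

```python
"""Added example (not from the original post): audit a Tor hidden-service
deployment for the kind of leak described above, where the web server is
reachable on the host's public address as well as through Tor."""
from typing import List

# Targets that keep the application off the clearnet.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


def _host_of(spec: str, default: str) -> str:
    """Extract the host part of 'host:port', '[v6]:port' or a bare 'port'."""
    if spec.startswith("["):                 # [::1]:8080 -> [::1]
        return spec[: spec.index("]") + 1]
    if ":" in spec:                          # 127.0.0.1:8080 -> 127.0.0.1
        return spec.rsplit(":", 1)[0]
    return default                           # bare port: use the directive's default host


def hidden_service_targets(torrc: str) -> List[str]:
    """Hosts that HiddenServicePort lines forward onion traffic to.
    'HiddenServicePort 80 8080' and 'HiddenServicePort 80' both mean 127.0.0.1."""
    targets = []
    for raw in torrc.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "HiddenServicePort":
            targets.append(_host_of(parts[2], "127.0.0.1") if len(parts) >= 3 else "127.0.0.1")
    return targets


def listen_addresses(webconf: str) -> List[str]:
    """Addresses the web server binds, from nginx 'listen' / Apache 'Listen'
    directives. A bare port means every interface, i.e. 0.0.0.0."""
    addrs = []
    for raw in webconf.splitlines():
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) >= 2 and parts[0].lower() == "listen":
            addrs.append(_host_of(parts[1], "0.0.0.0"))
    return addrs


def audit_hidden_service(torrc: str, webconf: str) -> List[str]:
    """Return one finding per binding that exposes the service without Tor."""
    findings = []
    for host in hidden_service_targets(torrc):
        if host not in LOOPBACK:
            findings.append(f"torrc: HiddenServicePort forwards to non-loopback target {host}")
    for host in listen_addresses(webconf):
        if host not in LOOPBACK:
            findings.append(f"web server: listens on {host}, so it is reachable without Tor")
    return findings


# --- Constructed configurations (hypothetical paths and ports) ---
TORRC = """
HiddenServiceDir /var/lib/tor/shop/
HiddenServicePort 80 127.0.0.1:8080
"""

WEAK_NGINX = """
server {
    listen 8080;             # binds 0.0.0.0:8080: the clearnet sees the shop too
    server_name _;
}
"""

HARDENED_NGINX = """
server {
    listen 127.0.0.1:8080;   # only the Tor daemon on this host can reach it
    server_name _;
}
"""

if __name__ == "__main__":
    print("weak:", audit_hidden_service(TORRC, WEAK_NGINX))
    print("hardened:", audit_hidden_service(TORRC, HARDENED_NGINX))
```

Binding to loopback is necessary but not sufficient. The leak the page describes was at the application layer, an address handed out by the page itself, so the content served over the onion address also has to be reviewed for absolute URLs, redirects, error pages and third-party resources that reveal the host's real IP or hostname; a host firewall that drops non-loopback traffic to the application port is a cheap second layer under the binding check.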

Once the IP address was identified, the U.S. sent a request for legal assistance to the Icelandic authorities. Reykjavik police investigators first noted that the target server was handling large volumes of Tor-encrypted traffic. They then recovered its connection history and its entire contents and passed them to the FBI. The result was unequivocal: the IP address collected by the FBI was that of a server Silk Road used to connect buyers and drug dealers.

The combination of Tor and bitcoin gave Silk Road a sophisticated two-layer security system in the deep web; it was nevertheless unmasked because of a configuration flaw!

Deep Web the movie …

"Deep Web" is the title of a 90-minute documentary film about Ross Ulbricht and Silk Road. It was broadcast on the U.S. TV channel Epix on May 31.

Synopsis

Deep Web gives the inside story of one of the most important and riveting digital crime sagas of the century: the arrest of Ross William Ulbricht, the convicted 30-year-old entrepreneur accused of being "Dread Pirate Roberts", creator and operator of the online black market Silk Road. The film explores how the brightest minds and thought leaders behind the Deep Web are now caught in the crosshairs of the battle for control of a future inextricably linked to technology, with our digital rights hanging in the balance.

Deep Web features the core architects of the Deep Web: anarchistic cryptographers who developed the Deep Web's tools for the military in the early 1990s; the dissident journalists and whistleblowers who immediately sought refuge in this seemingly secure environment; and the figures behind the rise of Silk Road, which combined the security of the Deep Web with the anonymity of cryptocurrency.

Finland Victim of Hacking

Finland says it was hacked by foreign governments!

Unspecified foreign powers damaged Finland’s national interests by obtaining a vast quantity of Finland’s foreign policy documents through a sophisticated and long-term cyberespionage campaign, Finnish officials said Wednesday.

The Finnish Security Intelligence Service (FSIS) has detected and foiled two distinct penetrations of the Finnish foreign ministry’s computer network, the service’s chief, Antti Pelttari, said in a webcast news conference.

The ministry’s internal network was hacked with an information-gathering program which kept forwarding foreign ministry documents undetected to servers outside Finland for several years, Mr. Pelttari said.

Source: The Wall Street Journal

Am I infected?

The Cyberthreats Realtime Map is a visual tool that lets users see what is going on in cybersecurity around the world in real time.

This tool is built by Kaspersky Lab. It shows that malicious actors are constantly attacking networks, companies and even individuals.

The real-time cyberthreat map displays global threat activity as it happens and looks like this:


This is just a short introduction to the tool; we will come back to it soon.

Here is the Kaspersky link to watch the real-time map.

Enjoy it, and capture a picture for the country you are interested in.