31 Jul
DNS attack writer a victim of his own creation
HD Moore has been owned.
That’s hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.
It happened on Tuesday morning, when Moore’s company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what’s known as a cache poisoning attack on a DNS server on AT&T’s network that was serving the Austin, Texas area. One of BreakingPoint’s servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore’s company.
When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.
BreakingPoint employees noticed the problem early today after friends and family who were also using the AT&T DNS server noticed that their Google.com Web page didn’t look quite right (hackers had omitted the NASA-themed logo that Google used on Tuesday).
In early July, computer security experts began warning that this type of cache poisoning attack could be pulled off much more easily than previously thought, thanks to a new technique. Early last week, technical details of this attack were leaked to the Internet and HD Moore’s Metasploit project rapidly released the first software that exploited this tactic.
Now he’s one of the first victims of such an attack. “It’s funny,” he said. “I got owned.”
Things may not be so funny to ISPs (Internet Service Providers) who are scrambling to roll out patches to their DNS software before these attacks become more widespread.
The flaw has to do with the way that DNS programs share information over the Internet. In a cache poisoning attack, the attacker tricks a DNS server into associating malicious IP addresses with legitimate domains, such as Google.com. Security experts say that this type of flaw could lead to very successful phishing attacks against Web surfers whose ISPs have not patched their servers.
Because of the nature of the AT&T hack, Moore doesn’t believe that he was targeted by the hackers. Even BreakingPoint employees didn’t realize that their internal DNS server had been configured to use the AT&T machine. Instead, he thinks that they were simply trying to make a quick buck.
AT&T representatives were not immediately available to comment on the incident.
Moore believes that this type of attack may be going on at other ISPs as well, however.
Dan Kaminsky, the IOActive researcher who first discovered the DNS problem, said that he’s heard reports of other attacks, although he declined to say how widespread they were. “The capability to do a lot of damage is out there,” he said.
