Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Kdms Team hackers hijack Rapid7 website using faxed DNS change request

“Hacking like it’s 1964”

Article comments

A pro-Palestinian hacktivist group managed to briefly hijack the Metasploit website of security firm Rapid7 on Friday after faxing a DNS change request to its registrar, the firm’s chief research officer HD Moore has admitted.

News of the attack emerged when newbie hackers ‘Kdms Team’ announced the takeover on Twitter with a series of brief messages concluding with a simple “Hello Rapid7.”

The attack appears to have lasted for a period of nearly an hour before Rapid7’s Moore took to Twitter to reply.  “I can confirm that the DNS settings were changed for a few minutes and pointed to 74.53.46.114,” he said.

After ruefully admitting the attack had been “creative”, Moore said that it had occurred after a simple bogus fax request to its registrar, Register.com.  “Hacking like its 1964,” Moore added, gamely.

Earlier this week, the same Kdms Team burst on to the hacktivist scene with an identical and equally embarrassing attack and on several Internet firms, including security firms AVG, Avira and messaging firm WhatsApp. That attack pivoted around a more orthodox password change request to Network Solutions.

Where the group got the DNS change idea from is no mystery. In late August the New York Times suffered a serious domain-redirection attack by the Syrian Electronic Army (SEA) that kept the site offline for several days. As with the New York Times, Rapid's Moore admitted the firm does not use domain locking to raise the level of authentication require for DNS change requests.

“We sign binaries, publish checksums, and authenticate updates, so not a big deal, just annoying,” commented Moore.

“When security companies can be hijacked, that's a good indicator of how fragile DNS is and what a single point of failure DNS providers have become,” commented Robert Hansen, technical evangelist at WhiteHat Security.

“Hijacking session tokens, stealing usernames and passwords and redirecting email are just some of the things that become possible when DNS is hijacked,” he said.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *