Google Confidential and Proprietary
A Brief History of DNS Hijackings
Morgan Marquis-Boire
Whois Morgan?
- Incident Response Team - Google
- Penetration Tester for Security-Assessment.com
- Linux / CA work for .gov.nz
Disclaimer
- While this talk contains many examples specific to Google domains, none of these represent compromises of Google hosts or services.
- This talk contains many real-world examples of domain hijacks. This is intended to highlight the systemic nature of this problem rather than specific security problems with any one organisation.
DNS Hijacking - Overview
Basic Concept
The practice of redirecting DNS lookups to other (rogue) DNS servers.
Actors and Motivations
- Advertising Monetization / Mass Click Fraud
Fraud
Fraud
Actors and Motivations
- Advertising Monetization / Mass Click Fraud
- Regular Fraud
ChronoPay DNS Hijack
Actors and Motivations
- Advertising Monetization / Mass Click Fraud / Fraud
- Censorship
Censorship
Actors and Motivations
- Advertising Monetization / Mass Click Fraud / Fraud
- Censorship
- Hacktivism / Defacement
Twitter - 18 December 2009
Actors and Motivations
- Advertising Monetization / Mass Click Fraud / Fraud
- Censorship
- Hacktivism / Defacement
- Phishing Account Access (Man-in-the-middle attacks)
Credentials
Tunisia DNS Hijack
- Tunisia, 25 December 2010
- Facebook. Gmail. Etc.
- Stealing an entire country's passwords.
Tunisia DNS Hijack
Mass Domain Hijackings
- Registry Hacking
- Highly Effective
- High Traffic domains under a compromised ccTLD.
Mass Domain Hijackings
- Started tracking 3 years ago.
- Simple code to monitor changes to Google-owned domains
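A sketch of the kind of change monitor this slide mentions, added here as an illustration and not the code used in the talk: it compares one round of lookups against a stored baseline of expected name servers and address ranges. The function `check_snapshot`, the domain names and the prefixes are all constructed for the example; collecting the observations from resolvers in each country is assumed to happen elsewhere.

```python
import ipaddress

# Constructed baseline (assumption): expected name servers and address space
# for each monitored name. Names and prefixes are reserved documentation values.
BASELINE = {
    "www.brand.example": {
        "ns": {"ns1.brand.example", "ns2.brand.example"},
        "nets": ["192.0.2.0/24", "2001:db8::/32"],
    },
    "mail.brand.example": {
        "ns": {"ns1.brand.example", "ns2.brand.example"},
        "nets": ["198.51.100.0/24"],
    },
}

def _norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def check_snapshot(baseline, observed):
    """Return sorted (name, kind, detail) alerts for one round of lookups."""
    alerts = []
    for name, expect in baseline.items():
        seen = observed.get(name)
        if not seen or not seen.get("addrs"):
            alerts.append((name, "no-answer", ""))
            continue
        want_ns = {_norm(n) for n in expect["ns"]}
        rogue_ns = {_norm(n) for n in seen.get("ns", [])} - want_ns
        for ns in sorted(rogue_ns):
            alerts.append((name, "unexpected-ns", ns))
        nets = [ipaddress.ip_network(n) for n in expect["nets"]]
        for addr in seen["addrs"]:
            ip = ipaddress.ip_address(addr)
            if not any(ip.version == net.version and ip in net for net in nets):
                alerts.append((name, "addr-outside-baseline", addr))
    return sorted(alerts)

# Constructed observation: one name's delegation and address have changed.
OBSERVED = {
    "www.brand.example": {
        "ns": ["NS1.Brand.Example.", "ns1.registry-takeover.example."],
        "addrs": ["192.0.2.10", "203.0.113.66"],
    },
    "mail.brand.example": {"ns": ["ns2.brand.example"], "addrs": ["198.51.100.25"]},
}

if __name__ == "__main__":
    for alert in check_snapshot(BASELINE, OBSERVED):
        print(*alert, sep="\t")
```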
Chronology
- 2009 - Morocco, Tunisia, Tajikistan, Ecuador, Kenya, New Zealand
- 2010 - Uganda, Puerto Rico, Denmark
- 2011 - Suriname, Malawi, Congo, Guadeloupe, Fiji, Bangladesh
- 2012 - Nepal
How does this happen
- Misc software bugs
- Password Re-use
- Social Engineering
- Bribery / coercion
- SQL Injection
Social Engineering
Effects
- Mostly web defacement - bragging rights
- Visibility for political causes
- Monetize via spam / affiliate advertising
- User credential / data theft
HACKED
By_Ogmass & S4S_7 & Spy
Cyber Mafia Crew Corp.
Özenen Değil Daima Özenilen Oluruz.
google - tunus hacked ?
(:
uname -a ;Linux webnx1 2.6.16.54-0.2.5-smp #1 SMP Mon Jan 21 13:29:51 UTC 2008 x86_64 x86_64 x86_64 GNU/Linux
uid=0(root) gid=0(root) groups=0(root)
Press
Press
Press
Compound Problems
Compound Problems
- Comodo
- Diginotar
- StartSSL
- Trustwave
Compound Problems
- SSL / TLS doesn't tell you whether you've been sent to the correct site; it only tells you whether the DNS name matches the name in the certificate.
Why Should You Care?
- Bad press.
- DNS is trusted.
- Trust is inherited from ICANN.
- People die.
Solutions / Mitigations
- Regular security audits
- Registry in a box
- Required minimum security posture
- DNSSEC
Questions / Comments ?