Social Engineering Still Alive and Kicking
A simple call to Network Solutions provides enough to hack a site.
Denial of Service
A social engineering attack resulted in secure e-mail service provider Hushmail
having its Web site redirected to a defaced Web site. According to reports,
Network Solutions, the domain name service provider
behemoth, gave out information through a customer support line sufficient to
allow an attacker to alter DNS record information for Hushmail.com. Visitors
to the Hushmail site were instead sent to a server co-opted by the attacker.
Network Solutions said it's implemented new security measures to ensure that
such an "isolated event" doesn't happen again.
There are so many things to go into here it's hard to decide where to start.
First, the existing security measures Network Solutions purports to have in
place weren't followed; what's the point in implementing new measures if the
old ones can't be followed?
Secondly, it demonstrates the frailty of the entire Internet. A single site,
with a single point to alter such significant information, can lead to an entire
company's online presence being altered or removed. No amount of backup could
have prevented this; it's solely in the hands of Network Solutions to ensure
this sort of thing can't happen. Multi-billion dollar companies must be able
to rely on Network Solutions to prevent such an attack. Think about that the
next time you're preparing your sales forecasts for online business.
This column was originally published in our weekly Security Watch
newsletter.
Although the redirection didn't last for very long, and despite the fact that
Hushmail has stated that no data was at risk or compromised in the process,
the action has had—and will continue to have—a significant impact
on Hushmail's reputation and credibility. This will become an urban legend,
something talked about for many years to come.
Social engineering targeting customer support personnel is one of the oldest
forms of attack; that a company the size and importance of Network Solutions
could be vulnerable to such an attack demonstrates a shocking lack of sound
security practices and judgment on its part.
According to a report by Zone-H,
a site that monitors hacking activity, Web server attacks and Web site defacements
rose by 36 percent in 2004. Last year, there were nearly 400,000 attacks on
network servers and corporate websites worldwide. Currently, 2,500 Web servers
are hacked daily and Zone-H estimates that these numbers could rise to 80,000
per day once third-generation VoIP phones become mainstream. Zone-H also reported
186 attacks on U.S. government servers and 49 attacks on U.S. military servers.
It's important to note that Zone-H relies solely upon reports from others for
its data, leading to questions about its overall accuracy. Previously, an outage
of Zone-H's site would lead to a reduction in reported defacements. Whether
it was caused by an inability to get hacker e-mail or a slowdown in reporting
by hackers who saw that the site was down is unclear.
That said, it's safe to assume that defacements continue to increase. Web site
defacement is often seen as a "rite of passage" for hackers. Generally,
a would-be hacker starts by defacing some easily attacked Web sites (like default
Apache installs or those using the scripting language PHP) in an attempt to
gain some credibility within the hacking community. After a year or two, individuals
move out of the defacement attack space and into more sophisticated attack methods.
McAfee and Kaspersky Labs
have recently published reports agreeing with a Symantec
study that found mass-mailing viruses on the decline as virus writers switch
to bots and Trojans. The Kaspersky report describes botnets as "the greatest
threat to the Internet as we know it" and names their detection and prevention
as a priority for the technology industry. The McAfee report finds that the
motivation for botnets and Trojans is profit: The malware can steal private
data or create a platform for spam, malware and denial of service extortion.
Kaspersky estimates that 50,000 new bots are created each month, with a current
total of several million.
According to anti-virus vendor Panda, the number
of new viruses has almost tripled in the last six months. The spike is attributed
to the many variants of viruses being released, simply repackaged with different
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.