
WIRED: Entire internet domain of Cyprus could have been hijacked in internet espionage campaign

Researchers at Cisco’s Talos security division on Wednesday revealed that a hacker group carried out a broad campaign of espionage via DNS hijacking, hitting 40 different, mainly governmental, organisations in countries of the Middle East and North Africa, including Cyprus.

The group, named “Sea Turtle”, is believed to have compromised multiple country-code top-level domains (ccTLDs), the national suffixes such as .cy or .uk that end a web address, including second-level zones such as .gov.cy and .co.uk. Control of a ccTLD puts the traffic of every domain registered under it at risk, in this case across multiple countries.

The hackers’ victims include telecoms, internet service providers, and domain registrars, the organisations responsible for operating parts of the domain name system.

But the majority of the victims and the ultimate targets, Cisco believes, were a collection of mostly governmental organisations, including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa.

Cisco Talos said it couldn’t determine the nationality of the Sea Turtle hackers, and declined to name the specific targets of their spying operations.

However, it did provide a list of the countries where victims were located: Cyprus, Albania, Armenia, Egypt, Iraq, Jordan, Lebanon, Libya, Syria, Turkey, and the United Arab Emirates.

Cisco Talos said that the group could have been backed by a nation-state.

What is DNS hijacking?

According to Wired, DNS hijacking targets the Domain Name System, the pillar of internet architecture that translates the domain name you type into your browser, such as “google.com,” into the IP address that represents the actual computer where that service is hosted, such as “64.233.191.255.”

Corrupt that system, and hackers can redirect that domain to any IP address they choose.

How could the hacking have affected users?

“When you’re on your computer and visit your bank, you assume DNS servers will tell you the truth,” Cisco Talos researcher Craig Williams told Wired. “Unfortunately what we’re seeing is that, from a regional perspective, someone has broken that trust. You go to a website and it turns out you don’t have any guarantee of who you’re talking to.”

Once the Sea Turtle hackers gained full access to a DNS provider, their spying operations followed a predictable pattern, according to Cisco’s researchers.

The hackers would change the target organisation’s domain registration, that is, the name server (NS) records held at its registrar, so that the domain pointed to DNS servers they controlled instead of the victim’s legitimate ones. When users then attempted to reach the victim’s network, whether through web, email, or other internet communications, those malicious DNS servers would answer with the address of a man-in-the-middle server that intercepted and spied on all the communications before passing them on to their intended destination.

The hackers would harvest usernames and passwords from the intercepted traffic. Using those stolen credentials and their hacking tools, the attackers could in some cases penetrate deeper into the target network.

To avoid detection, the hackers dismantled their set-up after no more than a couple of days—but only after they’d intercepted vast troves of the target organisation’s data, and the keys to enter its network at will.
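The defensive counterpart of the pattern above is to watch a domain's own delegation from the outside. The following monitor is an added example written for this article, not code from WIRED or Cisco Talos: it pins a baseline of a domain's NS, A and MX records, diffs daily snapshots against it, and flags deviations that appear and then disappear within a few days, which is exactly the "set up, harvest, tear down" behaviour described. The zone name example.gov, the attacker.example name servers, the addresses and the snapshots are all constructed for the example.

```python
"""Delegation-change monitor for the Sea Turtle pattern: detect a domain's
NS/A/MX records leaving a pinned baseline and returning within days.
All records and hosts below (example.gov, attacker.example, 203.0.113.x,
198.51.100.x) are constructed for this example and are not real."""
from collections import defaultdict
from datetime import date

BASELINE = """
; constructed baseline, pinned when the domain was known to be healthy
example.gov.       86400 IN NS  ns1.example.gov.
example.gov.       86400 IN NS  ns2.example.gov.
example.gov.       3600  IN A   203.0.113.10
mail.example.gov.  3600  IN A   203.0.113.25
example.gov.       3600  IN MX  10 mail.example.gov.
"""

HIJACKED = """
; constructed: NS records repointed at the registrar, attacker servers answer A
example.gov.       86400 IN NS  ns-a.attacker.example.
example.gov.       86400 IN NS  ns-b.attacker.example.
example.gov.       300   IN A   198.51.100.7
mail.example.gov.  300   IN A   198.51.100.7
example.gov.       300   IN MX  10 mail.example.gov.
"""

# Constructed daily snapshots: the delegation changes on day 2 and is
# restored on day 4, the short-lived pattern described in the article.
SNAPSHOTS = {
    "2019-01-01": BASELINE,
    "2019-01-02": HIJACKED,
    "2019-01-03": HIJACKED,
    "2019-01-04": BASELINE,
}


def parse_records(text):
    """Parse dig-style lines into {(owner, type): set(rdata)}. TTL and class
    are ignored: a hijack changes rdata, and TTL noise would cause false alerts."""
    rrsets = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";")[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            raise ValueError(f"unparseable record: {line!r}")
        owner, rtype = parts[0].lower(), parts[3].upper()
        rdata = " ".join(parts[4:]).lower()
        rrsets[(owner, rtype)].add(rdata)
    return dict(rrsets)


def diff_rrsets(baseline, current):
    """Return (owner, type, added, removed) for every RRset that differs.
    An NS change is the delegation hijack itself; A/MX changes are the redirect."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        before, after = baseline.get(key, set()), current.get(key, set())
        if before != after:
            findings.append((key[0], key[1], sorted(after - before), sorted(before - after)))
    return findings


def transient_deviations(baseline_text, snapshots, max_days=3):
    """Find windows where records left the baseline and came back. Returns a list
    of (start_date, end_date, changed_types, short_lived); a window still open at
    the last snapshot has end_date None. Short-lived windows are the Sea Turtle
    signature: a quick revert is what makes the hijack easy to miss."""
    base = parse_records(baseline_text)
    windows, start, types = [], None, set()
    for day in sorted(snapshots):
        changes = diff_rrsets(base, parse_records(snapshots[day]))
        if changes:
            start = start or day
            types |= {c[1] for c in changes}
        elif start is not None:
            span = (date.fromisoformat(day) - date.fromisoformat(start)).days
            windows.append((start, day, sorted(types), span <= max_days))
            start, types = None, set()
    if start is not None:
        windows.append((start, None, sorted(types), False))
    return windows


if __name__ == "__main__":
    for window in transient_deviations(BASELINE, SNAPSHOTS):
        print("delegation deviated from baseline:", window)
```

In practice the snapshots would come from querying the parent zone's name servers (for the NS delegation) and the domain's own name servers directly, rather than a recursive resolver, so that a cached or spoofed answer cannot mask the change; the comparison logic is the same.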

Defending Against Sea Turtle

Cisco Talos has a few recommendations to help organisations minimize the risk of being a victim of a DNS hijacking attack.

  • Use a Registry Lock Service – With registry lock, a change to a domain’s registration data (such as its name servers) is applied only after an additional out-of-band confirmation and authorisation request, so a stolen registrar password alone is not enough to repoint the domain.
  • Secure Access with MFA – Access to registrar and DNS provider accounts should require more than a username and a password. Multi-factor authentication (MFA) requires a second factor, such as a one-time code or hardware token, in addition to the password.

Williams commented that the use of DNSSEC may help with this issue, but the attackers have shown their ability to work around defensive strategies, so it is impossible to say for certain. DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records so that a validating resolver can reject answers that were not signed by the zone’s legitimate keys. The caveat for this kind of campaign is that the chain of trust hinges on the DS record published in the parent zone, which is set through the same registrar or registry account the attackers were compromising; an attacker who can change a domain’s name servers there can usually change or remove its DS record as well.
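To make that caveat concrete, the following is an added example (not code from the article, WIRED or Cisco Talos) that reduces DNSSEC validation to the DS-to-DNSKEY link defined in RFC 4034: the DS digest and key tag a parent zone publishes for a child's key-signing key, and the resolver check that a served DNSKEY matches one of them. It then runs the two hijack scenarios side by side. The zone name example.gov, the two 32-byte "keys" (placeholder bytes, not real Ed25519 key material) and the scenario functions are assumptions of the example, and RRSIG verification is deliberately not modelled.

```python
"""DNSSEC chain of trust, reduced to the DS -> DNSKEY link (RFC 4034):
a validating resolver only trusts a child zone's key if its DS digest and
key tag match a DS record published in the parent zone. The two "keys"
below are constructed placeholder bytes, not real Ed25519 keys, and RRSIG
verification is not modelled; this shows only which party has to be
compromised for a hijacked zone to validate."""
import hashlib
import struct

# Constructed 32-byte placeholders standing in for algorithm 15 (Ed25519)
# public keys. They are not real key material.
LEGIT_KSK = hashlib.sha256(b"constructed legitimate KSK").digest()
ATTACKER_KSK = hashlib.sha256(b"constructed attacker KSK").digest()
OWNER = "example.gov."  # constructed zone name


def wire_name(name):
    """Canonical wire form of a DNS name: lowercase, length-prefixed labels, root 0."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def dnskey_rdata(flags, algorithm, pubkey):
    """DNSKEY RDATA: Flags(2) | Protocol(1, always 3) | Algorithm(1) | Public Key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey


def key_tag(rdata):
    """RFC 4034 Appendix B key tag computed over the DNSKEY RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def make_ds(owner, flags, algorithm, pubkey):
    """DS record (key_tag, algorithm, digest_type 2 = SHA-256, digest) as the
    parent zone publishes it: digest over owner-name wire form + DNSKEY RDATA."""
    rdata = dnskey_rdata(flags, algorithm, pubkey)
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, 2, digest)


def resolver_trusts_dnskey(parent_ds_set, child_dnskeys, owner):
    """The resolver's check: some DNSKEY served by the child must hash to a DS
    the parent publishes. Otherwise everything the zone signs is bogus."""
    return any(make_ds(owner, flags, alg, pub) in parent_ds_set
               for flags, alg, pub in child_dnskeys)


def hijacked_zone_validates(attacker_controls_registrar):
    """Sea Turtle scenario: the attacker serves the zone, including its own
    DNSKEY (flags 257 = KSK), from its own name servers. Whether a validating
    resolver accepts it depends only on whether the parent's DS was replaced too."""
    legit_ds = {make_ds(OWNER, 257, 15, LEGIT_KSK)}
    attacker_ds = {make_ds(OWNER, 257, 15, ATTACKER_KSK)}
    parent_ds = attacker_ds if attacker_controls_registrar else legit_ds
    attacker_dnskeys = [(257, 15, ATTACKER_KSK)]
    return resolver_trusts_dnskey(parent_ds, attacker_dnskeys, OWNER)


if __name__ == "__main__":
    print("NS repointed, DS untouched, resolver validates:", hijacked_zone_validates(False))
    print("DS replaced via registrar account, resolver validates:", hijacked_zone_validates(True))
```

The first scenario is what DNSSEC protects against: the attacker's key does not match the published DS, so validating resolvers discard the spoofed answers. The second is the registrar-level case this article describes, where the same access that repoints the name servers can also publish a DS for the attacker's key, which is why registry lock and MFA on the registrar account matter even with DNSSEC deployed.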

“Patching, Defense in depth, and user education are key,” Williams said.

Read the full WIRED article here.
