It happened on Tuesday morning, when Moore's company, BreakingPoint had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company.
When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.
BreakingPoint employees noticed the problem early today after friends and family who were also using the AT&T DNS server noticed that their Google.com Web page didn't look quite right (hackers had omitted the NASA-themed logo that Google used on Tuesday).
In early July, computer security experts began warning this type of cache poisoning attack could be pulled off much more easily than previously thought, thanks to a new technique. Early last week, technical details of this attack were leaked to the Internet and HD Moore's Metasploit project quickly released the first software that exploited this tactic.
Now he's one of the first victims of such an attack. "It's funny," he said. "I got owned."
Thursday, August 7, 2008
DNS Attack Writer a Victim of His Own Creation
Subscribe to:
Post Comments (Atom)
1 comments:
Hah, should have patched the server.... AT&T sucks....
Post a Comment