
World's top web sites hacked

September 05, 2011

There has been a recent rash of high-profile websites being “hacked”. Here is a description of how the intrusions occurred, and what companies will do to protect themselves in the future.

What do Microsoft, Google, Epson, HSBC, Coca-Cola and Interpol have in common? Some of their web properties were victims of web site hacking recently. Unfortunately for them, it has nothing to do with their own web security! Let's take a look at the three different techniques the wrongdoers used.

1. DNS
The “Domain Name System” is the service that translates adeointernetmarketing.com to 38.127.71.14, which is the actual server address associated with the name. By compromising that system, the hackers were able to route traffic to an unauthorized destination (their own server) and display any page of their choosing. Luckily this time the only page displayed was a prank message.

2. Domain registrar
Before you can assign an address to a domain name, you must purchase that domain name from a registrar. The registrar is responsible for defining the master name servers for the domain. All other name servers on the Internet will simply mirror those. So again, redirecting traffic to unauthorized servers becomes possible.

3. SSL
The “Secure Sockets Layer” is the mechanism that encrypts your data when it is sent to and from a distant server. SSL certificates are only meant to be issued to the domain name owner, but for the first time a root certificate provider was compromised and issued valid certificates to a third party. Armed with these illegitimate certificates, the hackers were potentially able to sniff encrypted transmissions and decrypt the content so it could be read.
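Each of the three layers listed above can be watched from outside by comparing what a lookup and a TLS handshake return against a recorded baseline. The sketch below is an added example, not part of the original article; the domain, name servers, addresses, certificate bytes and the observation format are all constructed assumptions.

```python
import hashlib

def fp(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

# Constructed baseline: documentation-range IPs and made-up names, not real data.
BASELINE = {"example.com": {
    "ns": {"ns1.dns-host.example", "ns2.dns-host.example"},
    "a": {"192.0.2.10"},
    "cert": fp(b"constructed legitimate certificate"),
}}

def check(obs, baseline=BASELINE):
    """Return findings for one observation of a monitored domain."""
    known = baseline.get(obs["domain"])
    if known is None:
        return ["no-baseline"]
    findings = []
    if set(obs["ns"]) - known["ns"]:      # registrar layer: delegation changed
        findings.append("ns-changed")
    if set(obs["a"]) - known["a"]:        # DNS layer: name resolves elsewhere
        findings.append("a-changed")
    if not obs["chain_valid"]:
        findings.append("cert-invalid")
    elif obs["cert"] != known["cert"]:
        # Chain validates but this is not the certificate the owner deployed:
        # the case a compromised certificate provider produces.
        findings.append("cert-pin-mismatch")
    return findings

GOOD = {"domain": "example.com", "ns": ["ns1.dns-host.example", "ns2.dns-host.example"],
        "a": ["192.0.2.10"], "chain_valid": True, "cert": BASELINE["example.com"]["cert"]}
# Constructed observations, one per technique in the list above.
SAMPLES = {
    "clean": GOOD,
    "dns": {**GOOD, "a": ["203.0.113.66"]},
    "registrar": {**GOOD, "ns": ["ns1.rogue.example"], "a": ["203.0.113.66"]},
    "rogue-cert": {**GOOD, "cert": fp(b"constructed mis-issued certificate")},
}

def run():
    return {name: check(obs) for name, obs in SAMPLES.items()}

if __name__ == "__main__":
    for name, findings in run().items():
        print(f"{name:12} {findings or 'ok'}")
```

The rogue-certificate sample passes ordinary chain validation, so only the fingerprint comparison flags it.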

It's important to note that in all cases, the hackers were unable to break into the sites directly. This shows that websites themselves are becoming extremely well hardened. Instead, the hackers resorted to getting past the defences of sites lower down the technology chain.

Therefore users can rest assured that there was no widespread data intrusion that took place. In fact the break-ins were more theoretical in nature than they were practical. And I can guarantee you that these low-level players currently required to make the Internet work will not survive as small independent entities for much longer. Large Internet companies like Google will take these requirements into their own hands, if they haven't already. If not, specialized security firms will offer ultra-secure solutions that large organizations will use initially and will eventually become standard for everyone.

http://www.eweek.com/c/a/Security/Attack-on-NetNames-DNS-Servers-Shifts-Web-Traffic-Away-From-Major-Web-Sites-199106/
http://www.zdnet.com/blog/networking/fake-ssl-certificates-pirate-web-sites/1428
http://www.zdnet.com/blog/btl/epson-hsbc-korea-domain-registrar-hacked-100000-domains-affected/55864