DNS Vulnerability And The New Gunpowder Plotters

Chris Marrison Infoblox

When groups like Anonymous go on the warpath, companies’ DNS services are where they may strike first, warns Chris Marrison

This month saw DNS security issues rise to the fore once again, as internet activists Anonymous marked out 5th November as a day to launch a number of targeted cyber attacks – over 400 years after Guy Fawkes infamously attempted to destroy the Houses of Parliament in London in the since-named “Gunpowder Plot”.

Masked in the image of Guy Fawkes, these activists led worldwide demonstrations and launched a number of online attacks, including targeting over 100 Australian websites in response to allegations that the country spied on Indonesian government officials.

Did Australia spy on Indonesia?

While small businesses, including a dry cleaning company and a bouncy castle hire business, were the main victims of this particular heist, large corporations are far from immune to such attacks.

Last month Google Malaysia became the victim of a Domain Name System (DNS) attack, which saw hackers redirecting users to the message, “Google Malaysia STAMPED by PAKISTANI LEETS”, with “Team MadLEETS” claiming responsibility. Similarly, the New York Times website was taken offline by an attack this summer, leaving readers unable to access content for several hours.

While these targeted attacks are threatening in their very nature, these organisations are lucky in that, so far, attacks seem to have been used mainly as a protest mechanism. Should hackers want to do some real damage, they could easily use the DNS to take complete control of the data flow in an organisation – accessing sensitive details such as payment information and gaining access to every email that passes through the business.

DNS is what makes the internet tick. As one of very few services to be almost universally allowed through firewalls, it has been identified as a soft spot for hackers. Yet DNS traffic tends to be filtered less vigorously than other types of traffic such as web or email, and the domain name registry can get largely forgotten by employees, who only deal with it during fairly infrequent renewals. As such, very few businesses think to keep a regular check on DNS traffic or maintain detailed audit trails for DNS lookups.
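As an added illustration (not part of the original article), the sketch below shows what a routine check over a DNS lookup audit trail could look like: it flags answers for the organisation's own names that fall outside an approved baseline, as in a redirect, and queries with long, high-entropy labels typical of tunnelling. The log format, baseline, addresses and thresholds are all constructed assumptions.

```python
import math
from collections import Counter

# Assumption: approved answers for names the organisation owns (documentation IPs).
BASELINE = {"www.example.com": {"192.0.2.10"}, "mail.example.com": {"192.0.2.25"}}

# Constructed audit-trail lines: time, client, qname, qtype, answer ("-" = none).
SAMPLE_LOG = """\
2013-11-05T09:00:01Z 10.0.0.5 www.example.com A 192.0.2.10
2013-11-05T09:00:07Z 10.0.0.8 mail.example.com A 192.0.2.25
2013-11-05T09:02:13Z 10.0.0.5 www.example.com A 203.0.113.66
2013-11-05T09:03:40Z 10.0.0.9 mzxw6ytboi4dsnjrgq2tknrxha4tamjsgm2dknrx.t.example.net TXT -
2013-11-05T09:03:41Z 10.0.0.9 news.example.org A 198.51.100.7
"""

def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def audit(log_text, baseline=BASELINE, max_label=30, max_entropy=3.5):
    """Return (timestamp, client, qname, reason) for each suspicious lookup."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at fields
        ts, client, qname, qtype, answer = parts
        qname = qname.rstrip(".").lower()
        expected = baseline.get(qname)
        # Owned name resolving to an address nobody approved: possible redirect.
        if expected is not None and qtype == "A" and answer != "-" and answer not in expected:
            findings.append((ts, client, qname, "answer-not-in-baseline"))
        # Long, random-looking label: data may be encoded in the query name.
        longest = max(qname.split("."), key=len)
        if len(longest) > max_label and entropy(longest) > max_entropy:
            findings.append((ts, client, qname, "long-high-entropy-label"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The thresholds are starting points only; tune them against the organisation's own lookup history before alerting on them.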

Multiple DNS attacks

DNS can be targeted through cache poisoning, DNS protocol attacks, man-in-the-middle attacks, DNS tunnelling, domain phishing and DoS/DDoS attacks. Consequently, security is not just a case of protecting a company’s own server – organisations need to ensure that they safeguard themselves against third parties.

One of the key reasons for this security lapse across organisations is ambiguity over who is responsible for taking care of DNS. In a number of businesses, both large and small, just one or two key members of staff truly understand the workings and the weak spots of the DNS, but these are not the employees who deal with it on a daily basis.

The challenge is getting people across the organisation to understand how to protect the business from targeted DNS attacks. DNS, employed by all IP-connected devices, translates domain names into IP addresses. Therefore, even the purchasing department can inadvertently put an organisation’s DNS infrastructure at risk when buying domain names. The security department may be responsible for putting in place the initial technology and infrastructure to protect the DNS, but implementation of security practices needs to be spread more widely. Comprehensive protection of DNS infrastructure and services requires a multi-layer security strategy that employs a combination of DNS firewalls, DNSSEC, DoS/DDoS protection systems, DLP monitoring, and dedicated APT-aware analytics systems.

As the backbone of the internet, DNS seemingly takes care of itself – until security lapses are exploited. While some businesses may be complacent, governments worldwide are starting to take internet security seriously. The specialised United Nations agency, the International Telecommunication Union (ITU), is proof of this. As the ITU is tasked with dealing with information and communication issues similar to those showcased by Anonymous, it will be interesting to see if the networking-focused debates at ITU Telecom World 2013 in Bangkok this month will serve to encourage businesses to take better care of their vital DNS security.

Chris Marrison is EMEA technical director of Infoblox