Kaspersky Labs reports that an unnamed large Brazilian financial institution with $27B in assets was compromised by hackers who took over its DNS -- by hijacking its NIC.br account -- and for 5 hours were able to impersonate the bank to all its online customers (and possibly to control its ATMs) in order to plunder their accounts and steal their credit card details.
Kaspersky’s Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party. And regardless of who controls a bank’s DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a “registry lock” some registrars provide and two-factor authentication that makes it far harder for hackers to alter them.
Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement. Your encrypted website and locked down network won’t help when your customers are silently routed to a bizarro version deep in the web’s underbelly.
How Hackers Hijacked a Bank’s Entire Online Operation [Andy Greenberg/Wired]
(Image: Bundesarchiv, CC-BY-SA)
(via Naked Capitalism)
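The registry-lock precaution mentioned in the quoted passage can be audited from public registration data. The following added example (not from the Kaspersky report or the Wired article) checks an RDAP domain record for the server-side lock statuses and for nameserver drift against a known-good baseline; the domain names, the baseline and both sample records are constructed, and the status strings assume the registry reports the RFC 8056 RDAP values.

```python
import json

# RDAP status strings (RFC 8056 mapping of the EPP status codes).
REGISTRY_LOCK = {"server update prohibited", "server transfer prohibited",
                 "server delete prohibited"}
REGISTRAR_LOCK = {"client update prohibited", "client transfer prohibited",
                  "client delete prohibited"}

def audit_domain(rdap, expected_ns):
    """Return findings for one RDAP domain object (empty list = nothing to report)."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    missing = REGISTRY_LOCK - status
    if missing:
        findings.append("registry lock incomplete, missing: " + ", ".join(sorted(missing)))
    if not status & REGISTRAR_LOCK:
        findings.append("no registrar-level (client) lock set")
    # Normalise case and trailing dots before comparing with the baseline.
    seen = {n["ldhName"].lower().rstrip(".") for n in rdap.get("nameservers", [])}
    expected = {n.lower().rstrip(".") for n in expected_ns}
    if seen != expected:
        findings.append("nameserver drift, unexpected: %s; absent: %s" % (
            sorted(seen - expected), sorted(expected - seen)))
    return findings

# Constructed baseline and constructed RDAP responses (not real data).
EXPECTED_NS = ["ns1.bank.example", "ns2.bank.example"]
LOCKED = json.loads("""{
  "ldhName": "bank.example",
  "status": ["server update prohibited", "server transfer prohibited",
             "server delete prohibited", "client transfer prohibited"],
  "nameservers": [{"ldhName": "NS1.BANK.EXAMPLE"}, {"ldhName": "ns2.bank.example."}]
}""")
UNLOCKED_CHANGED = json.loads("""{
  "ldhName": "bank.example",
  "status": ["active"],
  "nameservers": [{"ldhName": "ns1.unknown-host.example"}, {"ldhName": "ns2.bank.example"}]
}""")

if __name__ == "__main__":
    for name, record in (("locked", LOCKED), ("unlocked", UNLOCKED_CHANGED)):
        print(name, audit_domain(record, EXPECTED_NS) or "ok")
```

Run on a schedule against the live RDAP record, a check like this turns a silent delegation change into an alert.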