Kaspersky Labs reports that an unnamed large Brazilian financial institution with $27B in assets was compromised by hackers who took over its DNS -- by hijacking its NIC.br account -- and for 5 hours were able to impersonate the bank to all its online customers (and possibly to control its ATMs) in order to plunder their accounts and steal their credit card details.
Kaspersky’s Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party. And regardless of who controls a bank’s DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a “registry lock” some registrars provide and two-factor authentication that makes it far harder for hackers to alter them.
Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement. Your encrypted website and locked down network won’t help when your customers are silently routed to a bizarro version deep in the web’s underbelly.
How Hackers Hijacked a Bank’s Entire Online Operation [Andy Greenberg/Wired]
(Image: Bundesarchiv, CC-BY-SA)
(via Naked Capitalism)
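The "registry lock" precaution mentioned above can be checked from a domain's RDAP record, where such a lock commonly surfaces as the registry-set "server ... prohibited" status values. The sketch below is an added example, not part of the original post or the Wired article. It assumes the RDAP JSON has already been fetched, and the domain names, nameserver baseline and both sample records are constructed for illustration.

```python
# RDAP status values (RFC 8056) set by the registry rather than the registrar.
# A registry lock is assumed here to show up as all three being present.
REGISTRY_LOCK = {
    "server delete prohibited",
    "server transfer prohibited",
    "server update prohibited",
}

def audit_domain(rdap_doc, expected_ns):
    """Return a list of findings for one RDAP domain object (RFC 9083)."""
    findings = []
    status = {s.lower() for s in rdap_doc.get("status", [])}
    missing = sorted(REGISTRY_LOCK - status)
    if missing:
        findings.append("registry lock incomplete, missing: " + ", ".join(missing))
    # DNS names are case-insensitive and may carry a trailing dot.
    seen = {ns.get("ldhName", "").lower().rstrip(".")
            for ns in rdap_doc.get("nameservers", [])}
    want = {n.lower().rstrip(".") for n in expected_ns}
    for ns in sorted(seen - want):
        findings.append("unexpected nameserver: " + ns)
    for ns in sorted(want - seen):
        findings.append("expected nameserver absent: " + ns)
    return findings

# Constructed sample data (hypothetical domain and nameservers).
BASELINE_NS = ["ns1.bank.example", "ns2.bank.example"]

LOCKED = {
    "ldhName": "bank.example",
    "status": ["active", "server delete prohibited",
               "server transfer prohibited", "server update prohibited"],
    "nameservers": [{"ldhName": "ns1.bank.example"},
                    {"ldhName": "NS2.BANK.EXAMPLE."}],
}

# Same domain after its delegation was changed at the registry account:
# only a registrar-level status remains and the nameservers differ.
CHANGED = {
    "ldhName": "bank.example",
    "status": ["active", "client transfer prohibited"],
    "nameservers": [{"ldhName": "NS1.unknown-host.example."},
                    {"ldhName": "ns2.unknown-host.example"}],
}

if __name__ == "__main__":
    for name, doc in (("locked", LOCKED), ("changed", CHANGED)):
        print(name, audit_domain(doc, BASELINE_NS) or "ok")
```

Run on a schedule against a stored baseline, a non-empty result is the signal to alert on.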