Kaspersky Labs reports that an unnamed large Brazilian financial institution with $27B in assets was compromised by hackers who took over its DNS -- by hijacking its NIC.br account -- and for 5 hours were able to impersonate the bank to all its online customers (and possibly to control its ATMs) in order to plunder their accounts and steal their credit card details.
Kaspersky’s Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party. And regardless of who controls a bank’s DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a “registry lock” some registrars provide and two-factor authentication that makes it far harder for hackers to alter them.
Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement. Your encrypted website and locked down network won’t help when your customers are silently routed to a bizarro version deep in the web’s underbelly.
How Hackers Hijacked a Bank’s Entire Online Operation [Andy Greenberg/Wired]
(Image: Bundesarchiv, CC-BY-SA)
(via Naked Capitalism)