Kaspersky Labs reports that an unnamed large Brazilian financial institution with $27B in assets was compromised by hackers who took over its DNS -- by hijacking its NIC.br account -- and for 5 hours were able to impersonate the bank to all its online customers (and possibly to control its ATMs) in order to plunder their accounts and steal their credit card details.
Kaspersky’s Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don’t manage their own DNS, instead leaving it in the hands of a potentially hackable third party. And regardless of who controls a bank’s DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a “registry lock” some registrars provide and two-factor authentication that makes it far harder for hackers to alter them.
Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement. Your encrypted website and locked down network won’t help when your customers are silently routed to a bizarro version deep in the web’s underbelly.
How Hackers Hijacked a Bank’s Entire Online Operation [Andy Greenberg/Wired]
(Image: Bundesarchiv, CC-BY-SA)
(via Naked Capitalism)
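An added example (not from Kaspersky, Wired or this post) of checking the registration precautions described above: it audits a domain's RDAP record for registry-level and registrar-level locks and compares the delegated nameservers to a known-good baseline. It assumes the registry publishes RDAP with the RFC 8056 status strings; the domain names, the baseline and both sample records are constructed.

```python
import json

# RDAP status strings (RFC 8056 mapping of the EPP lock status codes).
REGISTRY_LOCKS = {"server update prohibited", "server transfer prohibited",
                  "server delete prohibited"}      # set by the registry
REGISTRAR_LOCKS = {"client update prohibited", "client transfer prohibited",
                   "client delete prohibited"}     # set by the registrar
BASELINE_NS = ["ns1.bank.example", "ns2.bank.example"]  # assumed known-good set

def audit_domain(rdap, expected_ns):
    """Return a list of findings for one RDAP domain object (empty if clean)."""
    status = {s.lower() for s in rdap.get("status", [])}
    live = {ns["ldhName"].lower().rstrip(".") for ns in rdap.get("nameservers", [])}
    expected = {n.lower().rstrip(".") for n in expected_ns}
    findings = []
    for label, wanted in (("registry", REGISTRY_LOCKS), ("registrar", REGISTRAR_LOCKS)):
        missing = sorted(wanted - status)
        if missing:
            findings.append(f"{label} lock incomplete, missing: {', '.join(missing)}")
    rogue = sorted(live - expected)
    if rogue:
        findings.append("unexpected nameservers: " + ", ".join(rogue))
    absent = sorted(expected - live)
    if absent:
        findings.append("expected nameservers absent: " + ", ".join(absent))
    return findings

# Constructed RDAP fragments: one locked registration, one altered delegation.
LOCKED = json.loads("""{"ldhName": "bank.example",
  "status": ["server update prohibited", "server transfer prohibited",
             "server delete prohibited", "client update prohibited",
             "client transfer prohibited", "client delete prohibited"],
  "nameservers": [{"ldhName": "ns1.bank.example"}, {"ldhName": "NS2.BANK.EXAMPLE."}]}""")
CHANGED = json.loads("""{"ldhName": "bank.example",
  "status": ["active"],
  "nameservers": [{"ldhName": "ns1.unknown-host.example"},
                  {"ldhName": "ns2.unknown-host.example"}]}""")

if __name__ == "__main__":
    for record in (LOCKED, CHANGED):
        result = audit_domain(record, BASELINE_NS)
        print(record["ldhName"], result if result else "ok")
```

Run on a schedule against the live RDAP response, a nameserver finding is the signal to alert on, since a delegation change is what redirected the bank's customers.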