Hacking Group 'OurMine' Temporarily Redirected WikiLeaks DNS Service (theguardian.com)

Posted by EditorDavid from the change-of-address dept.
An anonymous reader quotes the Guardian: WikiLeaks suffered an embarrassing cyber-attack when Saudi Arabian-based hacking group OurMine took over its web address. The attack saw visitors to WikiLeaks.org redirected to a page created by OurMine which claimed that the attack was a response to a challenge from the organisation to hack them.

But while it may have been humiliating for WikiLeaks, which prides itself on technical competency, the actual "hack" appears to have been a low-tech affair: the digital equivalent of spray-painting graffiti on the front of a bank then claiming to have breached its security. The group appears to have carried out an attack known as "DNS poisoning" for a short while on Thursday morning. Rather than attacking WikiLeaks' servers directly, they have convinced one or more DNS servers...to alter their records. For a brief period, those DNS servers told browsers that wikileaks.org was actually located on a server controlled by OurMine.

  • I'm more interested in the point that the screenshot from the link shows a https link so either the screen shot is fake or they also managed to get hold of a certificate for wikileaks.org

  • Allowing their DNS to be poisoned indicates a lack of technical proficiency regardless of whether the breach was their own. There are several easy to implement technologies to prevent this.

    • They didn't poison the wikileaks DNS servers, they poisoned some ISP's DNS servers AFAIK. The link in the screenshot also depicts a https address so I wonder if this really was accepted by any modern browser?!
      • Or forget that, they did poison the wikileaks DNS: "An OurMine spokesperson confirmed to the Guardian that the attack was DNS poisoning, carried out through hacking Wikileaks’ domain provider."

