Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Like Google in Vietnam, Lenovo tripped up by a DNS attack

Jeremy Kirk | Feb. 27, 2015
Both sites were redirected after hackers tampered with DNS records.

On Monday, Google's site for Vietnam briefly redirected people to another website. Like Lenovo, Google also had its google.com.vn domain name registered with Webnic.

It is possible that Webnic.cc has a vulnerability in its network that was discovered by the Lizard Squad and allowed changes to be made to domain name registrations. Another possibility is that the Lizard Squad obtained the authentication credentials used by those companies to modify domain name records.

It's considered a low-brow style of attack, but changes to domain name records can be dangerous for Web users since there's little they can do to protect themselves.

Such attacks -- especially against websites that receive a lot of traffic -- are powerful because attackers could redirect them to websites that try to automatically install malicious software. But that doesn't appear to be the case with either the Lenovo or Google redirects.

Domain name registrars have been slowly implementing a security technology called DNS Security Extensions (DNSSEC) to better protect domain name records. DNSSEC uses public key cryptography to digitally "sign" domain names and corresponding IP addresses.

The technology is complicated to set up, however, and it has been a years-long effort to see it supported by registrars and hosting providers.

DNSSEC could have prevented the attack against Lenovo or "at the very least it would have made it much more complicated and slow to do with many more steps for the bad guys before they succeeded," Rogers said.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.