Posts Tagged ‘hijack’

Lenovo, Google websites hijacked by DNS attacks | PCWorld

Thursday, February 26th, 2015

The redirection of both Lenovo’s website and Google’s main search page for Vietnam this week highlights weaknesses with the Internet’s addressing system.

On Wednesday, visitors to lenovo.com were greeted with what appeared to be webcam images of a bored young man sitting in a bedroom, and the song “Breaking Free” from an old Disney movie. On Monday, Google’s site for Vietnam also briefly redirected people to another website.

Both Google and Lenovo were victims of “domain hijacking,” a type of attack against the Domain Name System (DNS), which translates domain names into IP addresses that can be called into a browser.

The domain name records for both companies were modified to redirect to different websites when people entered “lenovo.com” and “google.com.vn.”

The changes were apparently made through Web Commerce Communications, known as Webnic.cc, a Malaysian company that registers domain names.

The hacker group Lizard Squad has claimed credit for the defacements. Lenovo appeared to restore service at one point on Wednesday afternoon, but later was unavailable due to system maintenance, a notice said. Webnic.cc could not be immediately reached for comment.

In Lenovo’s case, the hackers changed Lenovo’s domain name registration details to redirect to nameservers at CloudFlare, a San Francisco-based company that specializes in bettering the performance of websites through extensive caching. Nameservers tell a computer which IP address to look up to view a website.

Lenovo’s home page appears to have been hacked

CloudFlare’s servers then redirected people trying to go to lenovo.com to two IP addresses hosted in the Netherlands by the company Digital Ocean, said Andrew Hay, senior security research lead for OpenDNS, a company that specializes in DNS-related security.

Those redirected to the other sites saw the webcam images of the bored young man. The source code for the Web page included the line: “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey,” referring to persons who have reportedly been connected to the hacker group Lizard Squad.

The Lizard Squad’s access to Lenovo’s registrant account also allowed it to capture some of Lenovo’s email, which the group posted excerpts of on Twitter.

Lenovo has already been under pressure in the last week for pre-installing a secretive application called Superfish on its laptops, which substitutes some ads on encrypted websites but also created a major security vulnerability.

CloudFlare offers free services that are sometimes abused by miscreants, but the company said it moved fast to help fix Lenovo’s problem.

“As soon as we saw the unauthorized transfer, we took control of the account, notified Lenovo and worked with them to restore service while they worked on getting their domain back,” said Marc Rogers, principal security researcher at CloudFlare.

On Monday, Google’s site for Vietnam briefly redirected people to another website. Like Lenovo, Google also had its google.com.vn domain name registered with Webnic.

It is possible that Webnic.cc has a vulnerability in its network that was discovered by the Lizard Squad and allowed changes to be made to domain name registrations. Another possibility is that the Lizard Squad obtained the authentication credentials used by those companies to modify domain name records.

It’s considered a low-brow style of attack, but changes to domain name records can be dangerous for Web users since there’s little they can do to protect themselves.

Such attacks—especially against websites that receive a lot of traffic—are powerful because attackers could redirect them to websites that try to automatically install malicious software. But that doesn’t appear to be the case with either the Lenovo or Google redirects.
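From the domain owner's side, the kind of change described above (nameservers swapped at the registrar, then new IP addresses served) can be caught by comparing the observed delegation against a known-good baseline. The following is an added example, not code from the article; the domain `shop.example`, the nameserver names, the address ranges and the dig-style sample lines are all constructed.

```python
import ipaddress

# Constructed baseline for a hypothetical domain (assumption, not data from the article).
BASELINE_NS = {"ns1.corp-dns.example", "ns2.corp-dns.example"}
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed dig-style answer lines: before and after a registrar-level change.
BEFORE = """\
shop.example. 172800 IN NS ns1.corp-dns.example.
shop.example. 172800 IN NS NS2.corp-dns.example.
shop.example. 300 IN A 192.0.2.10
"""
AFTER = """\
shop.example. 172800 IN NS amy.ns.free-cdn.example.
shop.example. 172800 IN NS bob.ns.free-cdn.example.
shop.example. 300 IN A 198.51.100.7
shop.example. 300 IN A 198.51.100.8
"""

def parse_answers(text):
    """Return {'NS': hostnames, 'A': addresses} from 'name ttl class type rdata' lines."""
    records = {"NS": set(), "A": set()}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip comments, blank lines and non-IN records
        rtype, rdata = fields[3].upper(), fields[4]
        if rtype == "NS":
            records["NS"].add(rdata.rstrip(".").lower())  # DNS names are case-insensitive
        elif rtype == "A":
            records["A"].add(rdata)
    return records

def check_delegation(text):
    """Compare observed records with the baseline; return (severity, message) findings."""
    seen = parse_answers(text)
    findings = []
    added, removed = seen["NS"] - BASELINE_NS, BASELINE_NS - seen["NS"]
    if seen["NS"] and seen["NS"].isdisjoint(BASELINE_NS):
        findings.append(("critical", "delegation fully replaced: " + ", ".join(sorted(added))))
    else:
        if added:
            findings.append(("high", "unexpected nameserver(s): " + ", ".join(sorted(added))))
        if removed:
            findings.append(("medium", "baseline nameserver(s) missing: " + ", ".join(sorted(removed))))
    for addr in sorted(seen["A"]):
        if not any(ipaddress.ip_address(addr) in net for net in APPROVED_NETS):
            findings.append(("high", "A record outside approved ranges: " + addr))
    return findings
```

For the NS check to reflect a registrar-level change, the input should come from querying the parent zone's servers for the delegation rather than from a caching resolver.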

via Lenovo, Google websites hijacked by DNS attacks | PCWorld.

Hacking Cable TV Networks to Broadcast Your Own Video Channel (POC @ HITB)

Monday, May 26th, 2014

 

I was watching my favorite show on television, and it was just half over when I saw something that was definitely not a part of the show I was watching. My television screen went blank for a couple of seconds, and then what I saw was totally unbelievable to my eyes.

It was my friend ‘Rahul Sasi’ on the television, and I was still wondering how he had interrupted a television show, like what happens in sci-fi movies when someone hijacks a television or computer to deliver some kind of message or warning. Also like in some horror movies, in which ghostly images sometimes interrupt the television and suddenly come out. Oh my god!

But nothing like that happened in my case; my friend didn’t come out. Just a few minutes later I was redirected back to the same show I was watching. I missed only a part of it, but never mind, I’ll watch it on YouTube later.

You might be thinking that I am kidding, but it’s true. My friend Rahul Sasi is a well-known Indian security researcher and founder of Garage4Hackers Forum. This was a surprise demonstration he gave me last weekend on “Hacking Your Cable TV Networks,” which he is going to present next week at the Hack In The Box (HITB) Security Conference in Amsterdam.

A year back, a similar attack was noticed by television viewers in Great Falls, Montana, when a hacker interrupted a television show with a message warning viewers that “dead bodies are rising from their graves and attacking the living”. But this is going to be the first time that someone gives a live demonstration of hacking cable television networks.

For the last eight to nine months, Rahul has been working with a local cable TV network provider, where he discovered insecure implementations and weak architecture in the cable TV networks that could be abused by any potential hacker to carry out large-scale attacks.

Unlike the Internet, television is a one-way medium. If someone hijacks a cable TV network service provider and displays an emergency alert or a video stream stating that a riot has started in a nearby city, which in reality is only a hoax perpetrated by as-yet-unknown hackers, it can cause enough panic among people.

In the presentation, Sasi will demonstrate how a potential attacker can leverage the weakness in cable TV networks to hack various standards for broadcast transmissions, including analogue cable TV, DVB-C and IPTV. He will perform a Man-in-the-Middle (MITM) attack on cable TV networks to capture and modify the channels’ frequencies.

via Hacking Cable TV Networks to Broadcast Your Own Video Channel.