Lankan hackers claims DNS attacks against Symantec, Apple, Microsoft
September 1, 2011 07:24 am
Posting the news and records of its exploits on Pastebin, the group is taking credit for launching “DNS Cache Snoop Poisoning” attacks against its victims.
DNS cache snooping is the process whereby hackers can query a DNS server to find out which domain names are being resolved into IP addresses.
DNS cache poisoning is a method through which hackers are able to insert malicious and fake records into the cache of DNS servers. As a result, the hackers can then spoof a response to a DNS query, forcing users to go to a phony Web site instead of the real one.
Since DNS, or domain name system, servers maintain the records that assign domain names to IP addresses, attacks against them are especially alarming since they can compromise part of the very foundation of the Internet.
The information posted on Pastebin by Anonymous Sri Lanka shows that the group was able to scan and in some cases expose the DNS information of the companies it targeted, according to Cyber War News. But there’s no indication that the hackers were able to modify any of the DNS records that they touched.
In the record of its DNS attack against Symantec, Anonymous Sri Lanka boasts that it breached the “world’s second-largest software (antivirus) leader/giant” and says that it captured almost the entire DNS pool, including the company’s corporate customers, production servers, and testbeds. The group touted the same DNS Cache Snoop Poisoning attacks against Facebook, Skype, Apple, Cisco, Microsoft, and Novell.
Beyond its attacks against several major tech companies, Anonymous Sri Lanka has also claimed DNS hacks against several groups and agencies in Sri Lanka, including the nation’s Parliament, military, and largest telecom provider.
The group tried to justify its actions in some of its comments.
Lashing out at Facebook, Anonymous Sri Lanka said that the way the social network controls and treats its members is not acceptable under any circumstances. Explaining its attack against Skype, the group claimed that the online video service is “eavesdropping the entire VoIP traffic at several nodes for sure.”
The attacks appear to have started on August 22 against the Sri Lankan telecom provider and continued on into yesterday with the attack against Skype.
Responding to a request for comment, a spokesman for Symantec sent CNET the following statement:
“Symantec is one of the most visible targets in the world for cyberattacks on a daily basis. We do not delineate the identity of individuals or organizations who may or may not be the source of said attacks. We monitor our networks closely on a 24/7 basis and have not detected any inordinate or suspicious rates of traffic or activity. To date, we have found no evidence that any of our business critical servers have been breached or that any information on our networks belonging to Symantec or our customers has been exposed. We take these scenarios very seriously and will continue to monitor the situation closely to ensure that there are no further attempts to compromise the system and to ensure that any customer information remains protected.”
Requests for information to Facebook, Microsoft, Apple, and Skype were not immediately returned, CNET reports.