Possible DNS Hijacking In Phishing Attack On Gmail Accounts
By Joe Purcell
Expert Author
Article Date: 2011-06-03
Gmail accounts, including those of some government officials and Chinese activists, were recently compromised by a phishing attack. These attacks are not typical: they are spear phishing attacks in which the emails are tailored to the person receiving them. The email typically appears to come from a person the victim knows well and is disguised as originating from a legitimate Gmail server, possibly through DNS hijacking. Who is to blame for the attacks is still unclear.
Some would not consider this recent event news, since cyber attacks from China against US networks, and Google in particular, have been going on for some time, as early as 2008. According to a WikiLeaks cable made available to Reuters, some of these recent attacks have been traced back to a unit in the Chinese People's Liberation Army in an operation named "Byzantine Hades." US investigators report that "China has stolen terabytes of sensitive data -- from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems." And these attacks are increasing "from 5,503 incidents in fiscal 2006 to 41,776 four years later."
These spear phishing attacks have been going on since April and are said to originate in Jinan, China. The US government has moved to declare cyber attacks acts of war, which makes cyber-related tensions all the more serious. The possible use of DNS spoofing is concerning because the user is likely to be completely unaware that the Google page they are viewing isn't authentic. Spoofing can be done at the ISP level, on the home router, or in the browser. DNS servers have been compromised before, for example those of the major Chinese ISP China Netcom (CNC). The emails used in the recent attack are said to have used the "ndns01.com" domain, which was "registered through Xin Net Technology, a Chinese domain registrar commonly used by spammers and phishers." However, it is not yet confirmed exactly how the phishing attacks were performed.
Gmail has enabled SSL by default to ward off some phishing, but users must still make sure they see "https" in the URL. Google's Security Team has recommended enabling the 2-step verification feature as a measure that adds additional security to one's account. However, these spear phishing attacks are hard to detect because they contain seemingly legitimate information and come from seemingly legitimate sources.
All the while, China has regarded the latest incident as a fabrication. Whether all the attacks since April, or even since 2008, can be linked to the Chinese People's Liberation Army is unclear. In the meantime, implementing email encryption adds a further layer of security for communications: even if emails fall into unwanted hands, they will be essentially impossible to read. Time will tell how Google and the internet community will respond to the growing cyber threats.
About the Author:
Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.