- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
HD Moore has been owned. That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.
It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas, area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company. (Listen to a podcast about a recent DNS attack.)
When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.
No BreakingPoint computer was actually compromised by the incident, but it was still pretty annoying.
BreakingPoint employees noticed the problem early Tuesday after friends and family who were also using the AT&T DNS server noticed that their Google.com Web page didn't look quite right (hackers had omitted the NASA-themed logo that Google used on Tuesday).
In early July, computer security experts began warning this type of cache poisoning attack could be pulled off much more easily than previously thought, thanks to a new technique. Early last week, technical details of this attack were leaked to the Internet, and HD Moore's Metasploit project quickly released the first software that exploited this tactic.
Now he's one of the first victims of such an attack. "It's funny," he joked, "I got owned."
Things may not be so funny to ISPs who are scrambling to roll out patches to their DNS software before these attacks become more widespread.
The flaw has to do with the way that DNS programs share information over the Internet. In a cache poisoning attack, the attacker tricks a DNS server into associating malicious IP addresses with legitimate domains, such as Google.com. Security experts say that this type of flaw could lead to very successful phishing attacks against Web surfers whose ISPs have not patched their servers.
Because of the nature of the AT&T hack, Moore doesn't believe that he was targeted by the hackers. Even BreakingPoint employees didn't realize that their internal DNS server had been configured to use the AT&T machine. Instead, he thinks that the hackers were simply trying to make a quick buck.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (11)
the pointBy Anonymous on August 4, 2008, 3:40 pmThe point is that justice is served, not about HD's technical prowess and whether he personally was 'pwned' or not. Karma dude, that's all I'm saying.
Reply | Read entire comment
You are so full of it!By Anonymous on July 31, 2008, 2:13 pmFirst off, HD moore did not get pwned. Get the story right. His found that an upstream DNS server had been poisoned and was handing out a malicious i-frame for Google....
Reply | Read entire comment
Time Warner, TooBy danorton on July 31, 2008, 2:00 pmI also got a report of this happening on Tuesday morning at a Time Warner customer in Austin. It was redirecting traffic for www.google.com to a website at hostmonster.com
Reply | Read entire comment
snoof.c/logicmooBy Anonymous on July 31, 2008, 12:23 amGoogle "snoof.c" This exact exploit can be patched to return multiple answers so for example the snoof is going to use 5474564561 as the transaction ID for nasa.gov...
Reply | Read entire comment
pwned! Even Cartman knows that.By Anonymous on July 30, 2008, 9:04 pmpwned! Even Cartman knows that.
Reply | Read entire comment
View all comments