hijack

Telegram traffic from around the world took a detour through Iran
PJS, an Iranian state-owned telecommunications firm, hijacked traffic from the messaging app Telegram on Monday in what is known as a BGP (Border Gateway Protocol) attack. The attacks were detected by multiple Internet traffic monitoring sites, including Cisco's BGPMon https://bgpstream.com/event/144057 and Oracle's Internet Intelligence https://twitter.com/InternetIntel/status/1023942714436538368. The BGP hijacking comes just a day before planned protests in the country, reports Patrick Howell O'Neill for Cyberscoop:

"Data from the popular encrypted messenger app Telegram was hijacked by Iran’s state-owned telecommunications giant on Monday, a day before proposed protests over the country’s economic crisis. The move looks to be a BGP hijack, a practice where an intermediary illegitimately takes over groups of IP addresses so data originally destined for one place can be forcefully sent to another...BGP, or the Border Gateway Protocol, is the technology that exchanges routing data across the various networks that make up the entire global internet. 'Once a valid BGP hijack occurs, the hijacker can perform [man-in-the-middle] attacks, eavesdropping, etc.,' said Nico Waisman, a cybersecurity researcher at Cyxtera. Iran’s minister of Information and Communications Technology confirmed the reports in a Tweet on Monday night, saying that 'in the event of an error, whether inadvertent or intentional, the Telecommunication Company of Iran will be severely penalized.' An investigation is underway...Iranian researcher and activist Nariman Gharib told CyberScoop that Tuesday’s protests have been organized via Telegram. One example of a Telegram post for the protests [shown in the article] calls for people to 'gather in the main squares of cities in protest against the tumultuous wave of unemployment and inflation.'"
otf  iran  bgp  hijack  telegram  mena  protests 
7 weeks ago by dmcdev
Shutting down the BGP Hijack Factory
It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.”
a:Doug-Madory  bgp  trust  internet  f:blog-post  infrastructure  bad-tech  bitcanal  p:Vantage-Point  hijack  network-security  dyn 
10 weeks ago by andrewjbates
BGP Hijack of Amazon DNS to Steal Crypto Currency | Dyn Blog
However, the users of networks that accepted the hijacked routes (evidently including Google’s recursive DNS service) sent their DNS queries to an imposter DNS service embedded within AS10297. If these users attempted to visit myetherwallet.com, the imposter DNS service wouldn’t direct them to Amazon Web Services (which normally hosts the site), but to a set of Russian IP addresses, according to CloudFlare.
bgp  hijack  cryptocurrency  cybersecurity  amazon  aws  google  dns 
may 2018 by bwiese
Fox-IT hit by cyber attack - Fox-IT (ENG)
What a wonderfully transparent after-action review of an incident. Though changing the registrar password regularly doesn't seem like it would buy them much, as they kept their password in a vault and rarely used it (low chance of extraction/exfil), and the subtle implication the registrar got owned. Though as a mitigation to lack of 2FA, at the registrar, maybe worthwhile. But the real need is watching for abnormal events, which requires a registrar change feed or external monitoring, as you need to trigger on registrar change events or general DNS SOA changes.
DFIR  case  study  DNS  registrar  hijack  MitM  reference  information 
december 2017 by asteroza
'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia | Technology | The Guardian
a small but growing band of Silicon Valley heretics who complain about the rise of the so-called “attention economy”: an internet shaped around the demands of an advertising economy.
ethics  technology  mind  hijack 
october 2017 by gdw
