
How did OurMine hackers use DNS poisoning to attack WikiLeaks?

The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from expert Nick Lewis.

WikiLeaks was attacked by the hacking group known as OurMine, which used domain name system (DNS) poisoning to take over WikiLeaks' web address. What is DNS poisoning, and how was OurMine able to pull off this attack?

While network security doesn't make headlines as often as data breaches or incident responses, it can still embarrass an organization when it does. Likewise, there are not as many resources devoted to the subject, which makes it an easy target for attackers.

One example is when WikiLeaks was targeted by OurMine in an attack that used DNS cache poisoning to redirect WikiLeaks' website to a webpage hosted by the hacker group.

However, this is not the first time that WikiLeaks has been targeted -- it has also suffered from distributed denial-of-service attacks. These attacks -- along with Border Gateway Protocol attacks -- use network vulnerabilities against the enterprise. But, with enterprises moving toward the cloud and externally hosted systems, network security could have a larger impact.

In this WikiLeaks attack, OurMine targeted the DNS provider with a DNS poisoning attack, in which a malicious DNS entry is cached on a specific DNS server. DNS servers keep a cache of all the names and IP addresses that users look up to improve performance, so they don't have to look up again something that is requested frequently.

OurMine was able to pull off this attack because the group had its web server address cached on the targeted DNS server in place of the legitimate WikiLeaks DNS address. As a result, anyone who used that DNS server was redirected from the legitimate WikiLeaks DNS address to the OurMine web server. It was not a direct attack on the WikiLeaks server, but on the supporting systems on which WikiLeaks relies.

To better understand the risk of a network security-related attack, enterprises may want to perform a risk assessment.
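One way to monitor for the condition described above, a resolver caching an address that the legitimate zone does not publish, is to compare each resolver's answer with the authoritative one. This is an added example, not part of the original article: the resolver labels, the `example.org` name, the addresses and the input format are constructed, and it assumes the domain publishes a fixed set of A records (CDN or geo-based answers would need an allowlist instead).

```python
# Added example: flag resolvers whose cached A records differ from the
# authoritative answer. Names, addresses and resolver labels are constructed.
from collections import defaultdict

# Constructed answer lines as a monitoring job might collect them, one per
# resolver queried: <resolver> <name> <ttl> IN A <address>
SAMPLE = """\
auth-ns      example.org. 3600 IN A 192.0.2.10
auth-ns      example.org. 3600 IN A 192.0.2.11
resolver-a   example.org. 1800 IN A 192.0.2.10
resolver-a   example.org. 1800 IN A 192.0.2.11
resolver-b   example.org. 86000 IN A 203.0.113.66
resolver-c   example.org. 120 IN A 192.0.2.11
"""

def parse(lines):
    """Return {resolver: {name: [(address, ttl), ...]}} for A records."""
    out = defaultdict(lambda: defaultdict(list))
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[3:5] != ["IN", "A"]:
            continue  # skip blank lines and other record types
        resolver, name, ttl, _, _, addr = parts
        out[resolver][name.lower().rstrip(".")].append((addr, int(ttl)))
    return out

def divergent(lines, trusted="auth-ns"):
    """List (resolver, name, unexpected addresses, ttl) for each mismatch."""
    data = parse(lines)
    findings = []
    for resolver, names in sorted(data.items()):
        if resolver == trusted:
            continue
        for name, answers in names.items():
            expected = {a for a, _ in data[trusted].get(name, [])}
            # A subset of the expected set is fine; an unknown address is not.
            bad = sorted({a for a, _ in answers} - expected)
            if bad:
                # The TTL shows how long the entry may keep being served.
                ttl = max(t for a, t in answers if a in bad)
                findings.append((resolver, name, bad, ttl))
    return findings

if __name__ == "__main__":
    for resolver, name, bad, ttl in divergent(SAMPLE):
        print(f"{resolver}: {name} -> {bad} (cached for up to {ttl}s more)")
```
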


This was last published in February 2018
