Friday, January 04, 2008

DNS Poisoning/Redirection of ITECC, DOJ and CIDG Websites to Enchanted Kingdom

The Inquirer ran a banner story on how the websites of the Department of Justice (DOJ), ITECC and PNP-CIDG were redirected to the website of Enchanted Kingdom, a theme park in Sta. Rosa, Laguna.

The report showed how people in law enforcement and in the government administering (in)justice can be so clueless about what hit them. EK, as Enchanted Kingdom is popularly known, is taking its questions to its site hosting provider and suspects malice behind the site redirection. No hint of the actual method was presented, so the people investigating the matter still don't know what to do.

I can offer an explanation, though, and it involves a technique known as DNS poisoning or DNS cache poisoning. It is used in pharming, where legitimate requests to victim websites are redirected to bogus/spoofed ones in order to trick visitors into divulging personal information such as usernames/passwords, PINs, etc. This attack, however, merely redirected government sites to EK, possibly by hackers making fun of a government that still has to learn information security (there are only a few of us information security practitioners here in the Philippines, and most of them are in the private sector). The government and the military can't even keep their secrets to themselves, so what do you expect?

I recommend checking your DNS servers for signs of cache poisoning and checking/patching all vulnerabilities so this does not happen again. Other causes of this problem may have been a misconfiguration of the webserver, a network problem, a load balancer (if there's one) or a compromised/misconfigured DNS (domain name server). The report claims the sites are hosted by PLDT, so PLDT can give out explanations for these incidents (though I doubt they'll release the true story if they're the ones to blame).
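One way to run the cache check recommended above, as an added example that is not part of the original post: it scans a resolver cache dump for A records of watched names that differ from a known-good baseline, and reports when several watched names point at the same unexpected address, which is the pattern in this incident. The domain names, addresses and dump lines are constructed, and the dump is assumed to be in zone-file style with the owner name on every line.

```python
import re
from collections import defaultdict

# Constructed baseline: addresses each watched name is supposed to resolve to.
EXPECTED = {
    "www.doj.example.": {"192.0.2.10"},
    "www.itecc.example.": {"192.0.2.20"},
    "www.cidg.example.": {"192.0.2.30"},
}

# Constructed cache dump (assumed format: name TTL [IN] A address).
SAMPLE_DUMP = """\
; constructed sample, not real data
www.doj.example.    86000  IN A  203.0.113.77
www.itecc.example.  86000  IN A  203.0.113.77
www.cidg.example.   3200   IN A  192.0.2.30
www.other.example.  120    IN A  198.51.100.5
"""

LINE = re.compile(r"^(\S+)\s+(\d+)\s+(?:IN\s+)?A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_a_records(dump):
    """Yield (name, ttl, address) for every A record line; skip comments."""
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = LINE.match(line)
        if m:
            yield m.group(1).lower(), int(m.group(2)), m.group(3)

def find_suspect_records(dump, expected=EXPECTED):
    """Return cached A records for watched names that are not in the baseline."""
    return [(n, t, a) for n, t, a in parse_a_records(dump)
            if n in expected and a not in expected[n]]

def shared_redirect_targets(suspects):
    """Map each unexpected address to the watched names that point to it."""
    by_addr = defaultdict(set)
    for name, _ttl, addr in suspects:
        by_addr[addr].add(name)
    return {a: sorted(ns) for a, ns in by_addr.items() if len(ns) > 1}

if __name__ == "__main__":
    suspects = find_suspect_records(SAMPLE_DUMP)
    for name, ttl, addr in suspects:
        print(f"MISMATCH {name} -> {addr} (ttl {ttl})")
    print(shared_redirect_targets(suspects))
```

A mismatch only says the cached answer differs from the baseline; confirm against the zone's authoritative servers before treating it as poisoning, since a legitimate address change produces the same result.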
