Hackers take control of security firm’s domain, steal secret data

(credit: Yuri Samoilov/Flickr)

A Dutch security firm recently fell victim to a well-executed attack that allowed hackers to take control of its servers and intercept clients’ login credentials and confidential data.

The security firm, Fox-IT, said in a blog post published last week that the so-called “man-in-the-middle attack” lasted for 10 hours and 24 minutes, although the attack was largely contained for much of that time. The attackers carried it out by gaining unauthorized access to Fox-IT’s account with a third-party domain register. Next, they changed a domain name system record that designated the IP address that corresponded to the the security company’s client portal. With that, the attackers effectively hijacked control of fox-it.com and all traffic sent to it.

The attackers were able bypass protections provided by HTTPS-based encryption by first using their control of the Fox-IT domain to obtain a new transport layer security certificate. The process happened in the first 10 minutes of the attack, during which time all Fox-IT email was rerouted to the attackers. With that in place, the attackers were able to able to decrypt all incoming traffic and to cryptographically impersonate the hijacked domain. After intercepting and reading incoming traffic, the attackers forwarded it to Fox-IT in an attempt to prevent company engineers from detecting the attack.

Read 6 remaining paragraphs | Comments

Ars Technica

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.