Further BGP hijacks of high value authoritative DNS servers' IP space.

Noted by the Oracle/Dyn team at: https://blogs.oracle.com/internetintelligence/bgp-dns-hijacks-target-payment-systems

July 2018 saw multiple attacks on the authoritative DNS infrastructure of both dedicated DNS service providers and of certain high value internally administered DNS services which answer authoritatively for several of the major (primarily US based) credit card processing networks.

While the scope of the advertisements was somewhat contained, they still managed to get 30% of peers of some of the BGP listening points at which Dyn has visibility to accept these more specific routes.

In the case of First Data, the specific networks which answer authoritatively for First Data's Datawire network were among the particular (and obviously intentionally) selected targets.

While the Dyn article does not mention this, the casual outsider might recognize First Data as a major player in the credit card payments space, but Datawire and the datawire.net domain (which are First Data services for transmission of payment batch settlement data and secure file exchange for things like the BIN Master File, etc.) are not well known.

This suggests that one or more parties quite familiar with the payment networks and the crucial infrastructure of the payment networks (and so, in turn, would be well familiar with the fact that these mostly rely upon TLS encryption) are attempting to subvert the authoritative DNS for some cause.

I believe it's not a great leap to suggest that they may likely seek certificate issuance.

Just thought I'd ping the list for thoughts...

Matt Hardeman
Posted to mozilla.dev.security.policy, 8/3/2018 7:57:36 PM
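As an added, defender-side illustration of the concern raised in the post (this is example code written for this page, not code from the poster, from Dyn, or from any CA): a small check that takes a route-collector view of BGP announcements and flags the two patterns described above, a more-specific prefix or a wrong origin AS covering the prefixes that hold a zone's authoritative nameservers, and reports what share of collector peers accepted each one, the figure the Dyn write-up quotes as 30%. Every prefix, ASN, peer name and nameserver below is constructed (RFC 5737 documentation ranges and private-use ASNs); none of it describes a real route or a real operator.

```python
"""Flag BGP announcements that cover a zone's authoritative nameserver
prefixes with a more-specific route or an unexpected origin AS, and
measure how many route-collector peers accepted them.

All data here is constructed for illustration (documentation address
ranges, private-use ASNs, made-up peer names).
"""
import ipaddress
from collections import defaultdict

# Assumed ground truth: prefixes that legitimately contain the zone's
# nameservers, mapped to the ASN expected to originate each of them.
EXPECTED_ROUTES = {
    "198.51.100.0/22": 64500,   # constructed: primary DNS operator's block
    "203.0.113.0/24": 64501,    # constructed: secondary DNS provider's block
}

# Assumed nameserver addresses for the zone being protected.
NAMESERVERS = {
    "ns1.example.test": "198.51.100.53",
    "ns2.example.test": "198.51.101.53",
    "ns3.example.test": "203.0.113.10",
}

# Constructed route-collector view with ten peers.  All peers carry the
# legitimate routes; three also accepted a more-specific /24 from an
# unrelated origin, and one accepted a same-length route with the wrong origin.
PEERS = [f"peer{i:02d}" for i in range(10)]
ANNOUNCEMENTS = (
    [{"peer": p, "prefix": "198.51.100.0/22", "origin": 64500} for p in PEERS]
    + [{"peer": p, "prefix": "203.0.113.0/24", "origin": 64501} for p in PEERS]
    + [{"peer": p, "prefix": "198.51.100.0/24", "origin": 64666} for p in PEERS[:3]]
    + [{"peer": "peer05", "prefix": "203.0.113.0/24", "origin": 64667}]
)


def covering_route(prefix):
    """Return (expected_prefix, expected_origin) containing `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    for legit, asn in EXPECTED_ROUTES.items():
        legit_net = ipaddress.ip_network(legit)
        if net.version == legit_net.version and net.subnet_of(legit_net):
            return legit, asn
    return None


def classify(ann):
    """Label one announcement relative to the expected routes."""
    found = covering_route(ann["prefix"])
    if found is None:
        return "unrelated"
    legit, asn = found
    more_specific = (ipaddress.ip_network(ann["prefix"]).prefixlen
                     > ipaddress.ip_network(legit).prefixlen)
    if ann["origin"] != asn:
        return "more_specific_hijack" if more_specific else "origin_hijack"
    return "more_specific_same_origin" if more_specific else "ok"


def affected_nameservers(prefix):
    """Nameservers whose address falls inside `prefix`."""
    net = ipaddress.ip_network(prefix)
    return sorted(name for name, ip in NAMESERVERS.items()
                  if ipaddress.ip_address(ip) in net)


def hijack_report(announcements, peers):
    """Map (prefix, origin) of each suspicious route to its label, the
    fraction of peers that accepted it, and the nameservers it covers."""
    accepted_by = defaultdict(set)
    labels = {}
    for ann in announcements:
        label = classify(ann)
        if label in ("more_specific_hijack", "origin_hijack"):
            key = (ann["prefix"], ann["origin"])
            accepted_by[key].add(ann["peer"])
            labels[key] = label
    return {
        key: {
            "label": labels[key],
            "peer_fraction": len(peer_set) / len(peers),
            "nameservers": affected_nameservers(key[0]),
        }
        for key, peer_set in accepted_by.items()
    }


if __name__ == "__main__":
    for (prefix, origin), info in hijack_report(ANNOUNCEMENTS, PEERS).items():
        print(f"{prefix} via AS{origin}: {info['label']}, accepted by "
              f"{info['peer_fraction']:.0%} of peers, covers {info['nameservers']}")
```

The more-specific /24 covers only ns1 and leaves ns2 untouched, which mirrors the targeted selection the post describes; in practice the expected-route table would be fed from the operator's own allocations or RPKI ROAs rather than hand-written, and the announcement stream from a public route collector.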