<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
I noticed this article posted on Tuesday on The Register:</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<a href="http://www.theregister.co.uk/2013/10/08/dns_hijack_attack_spree">http://www.theregister.co.uk/2013/10/08/dns_hijack_attack_spree</a></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
which also points to these stories:</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<a href="http://grahamcluley.com/2013/10/avg-website-palestinian-hackers/">http://grahamcluley.com/2013/10/avg-website-palestinian-hackers/</a></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<a href="http://grahamcluley.com/2013/10/whatsapp-hacked-offline/">http://grahamcluley.com/2013/10/whatsapp-hacked-offline/</a></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
and it appears that earlier the hosting firm LeaseWeb had a similar DNS hijack:</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<a href="http://blog.leaseweb.com/2013/10/06/statement-on-dns-hijack-of-leaseweb-com-website/">http://blog.leaseweb.com/2013/10/06/statement-on-dns-hijack-of-leaseweb-com-website/</a></div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
From what I gather from various reports, the first three (AVG, Avira and WhatsApp) seem to be due to the registrar, Network Solutions, accepting a fake password-reset request. As reported in the first grahamcluley article, a spokesperson from Avira said:</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
----</div>
<div>
<div><font face="Calibri,sans-serif">It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira.</font></div>
<div><font face="Calibri,sans-serif"><br>
</font></div>
<div><font face="Calibri,sans-serif">Network Solutions appears to have honored this request and allowed a 3rd party to assume control of our DNS. Using the new credentials the cybercriminals have been able to change the entries to point to their DNS servers.</font></div>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
----</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
If this is the case for all of these, there's nothing that DNSSEC or anything else could have done here, as the attackers are gaining full access to the domain registrant's DNS records and can modify them as they wish.</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
Dan</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; ">
<div>--</div>
<div><font face="Calibri,sans-serif">Dan York</font></div>
<div><font face="Calibri,sans-serif">Senior Content Strategist, Internet Society</font></div>
<div><font face="Calibri,sans-serif">york@isoc.org +1-802-735-1624</font></div>
<div><font face="Calibri,sans-serif">Jabber: york@jabber.isoc.org</font></div>
<div><font face="Calibri,sans-serif">Skype: danyork http://twitter.com/danyork</font></div>
<div><font face="Calibri,sans-serif"><br>
</font></div>
<div><font face="Calibri,sans-serif">http://www.internetsociety.org/deploy360/ </font></div>
</div>
</body>
</html>