Tag Archives: Domain name

Fortune 500 Companies Leaked 20GB of Sensitive Information

The following story is just a big LOL, and once again a demonstration of how ridiculously easy it is to be a profitable cyber criminal today. Luckily for the prominent corporations that make up the famous Fortune 500 list, these guys were not hackers – they are IT security researchers.

“If in six months we were able to collect 20 gigabytes of data, imagine what a malicious attacker could gain.”

Peter Kim – Garrett Gee

All they did was buy internet domain names that were almost identical to those of well-known global corporations – just missing a dot. It wasn’t long before emails containing everything from trade secrets, business invoices, personal information about employees, network diagrams and passwords started to pour in…

Security researchers Peter Kim and Garrett Gee have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo.

“The emails included trade secrets, personal information, network diagrams and passwords, started to pour in,” the website Naked Security (by security firm Sophos) writes.

The researchers did this by buying 30 internet domains they thought people would send emails to by accident (a practice known as typosquatting).

The domain names they chose were all identical to subdomains used by Fortune 500 companies save for a missing dot.

Having purchased the domains they simply sat back and watched as users mistakenly sent them over 120,000 emails in six months.
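An added example, not taken from the researchers' paper: a defender can derive the "missing dot" variant of each of the company's own subdomains and look for it among the recipients in outbound mail logs. The host names, the simplified log format and the function names are constructed for illustration, and the code assumes a single-label TLD such as .com.

```python
import re

# Assumption: our legitimate mail hosts (constructed, using reserved example.com).
OUR_HOSTS = ["us.example.com", "mail.emea.example.com", "example.com"]

def doppelganger(fqdn):
    """Registrable domain an outsider could buy if the dot before the
    company's domain label is dropped: us.example.com -> usexample.com.
    Assumes a single-label TLD; a real tool should use the Public Suffix List."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 3:          # no subdomain, so no dot to lose
        return None
    return f"{labels[-3]}{labels[-2]}.{labels[-1]}"

def build_watchlist(hosts):
    """Map each doppelganger domain to the legitimate host it imitates."""
    watch = {}
    for h in hosts:
        d = doppelganger(h)
        if d:
            watch.setdefault(d, h)
    return watch

RCPT = re.compile(r"to=<[^@>\s]+@([^>\s]+)>")

def scan(log_lines, watch):
    """Return (line_no, recipient_domain, intended_host) for every outbound
    recipient whose registrable domain is on the watchlist."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for dom in RCPT.findall(line):
            reg = ".".join(dom.lower().rstrip(".").split(".")[-2:])
            if reg in watch:
                hits.append((n, dom.lower(), watch[reg]))
    return hits

# Constructed sample of outbound mail log lines (simplified format).
SAMPLE_LOG = [
    "2024-01-01T10:01:02 from=<alice@us.example.com> to=<bob@us.example.com>",
    "2024-01-01T10:03:40 from=<alice@us.example.com> to=<bob@usexample.com>",
    "2024-01-01T10:05:11 from=<carol@example.com> to=<dave@mail.emeaexample.com>",
    "2024-01-01T10:06:00 from=<carol@example.com> to=<eve@partner.example.net>",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_watchlist(OUR_HOSTS)):
        print(hit)
```

The same watchlist can feed an outbound block rule at the mail gateway or a list of domains to register defensively.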

Kim and Garrett have not identified their targets but have revealed that they were chosen from a list of 151 Fortune 500 companies they regarded as vulnerable to their variation of typosquatting.

However, the list is jam-packed with household names like Dell, Microsoft, Halliburton, PepsiCo and Nike.

The emails they collected included the following sensitive corporate information:

  • Passwords for an IT firm’s external Cisco routers
  • Precise details of the contents of a large oil company’s oil tankers
  • VPN details and passwords for a system managing road tollways

The researchers also warn of how easy it would have been to turn their passive typosquatting into an even more dangerous man-in-the-middle attack.

Such an attack would have allowed them to capture entire email conversations rather than just individual stray emails.

The two “White Hats” describe their method as a “passive email attack”.

And they write:

“During a six-month span, over 120,000 individual emails (or 20 gigabytes of data) were collected which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc. Essentially, a simple mistype of the destination domain could send anything that is sent over email to an unintended destination.”

“If in six months we were able to collect 20 gigabytes of data, imagine what a malicious attacker could gain.”

Well, I’m not sure that would be good for every CEO amongst the Fortune 500’s – it might be bad for their blood pressure, or something…

Because the report by Kim and Gee also indicates that they are probably not the first computer geeks to have thought of this:

“After reviewing the WHOIS information from all Fortune 500 companies, we noticed some of the largest companies were already registered to locations in China and to domains associated with malware and phishing. While it is unknown if these domains are used in a malicious fashion, it is apparent that some targeting is happening here.”

Peter Kim and Garrett Gee’s paper “Doppelganger Domains” is available to download from Wired.


US Government Seizes 18 More Websites

The U.S. government seized 18 more internet domains Monday, bringing to at least 119 the number of seizures following the June commencement of the so-called “Operation in Our Sites” anti-piracy program.

“These counterfeits represent a triple threat by delivering shoddy, and sometimes dangerous, goods into commerce, by funding organized criminal activities and by denying Americans good-paying jobs.”

John Morton

The Immigration and Customs Enforcement seizure, in honor of Valentine’s Day, targeted sites hawking big-name brands like Prada and Tiffany & Co.

Customs agents had bought counterfeit bracelets, earrings, handbags, necklaces, rings, sunglasses, wallets and watches with “brand names” from Burberry to Nike and Timberland, the government says.

“These counterfeits represent a triple threat by delivering shoddy, and sometimes dangerous, goods into commerce, by funding organized criminal activities and by denying Americans good-paying jobs. HSI and our partners at the IPR Center will continue to work together to keep counterfeit products off our streets,” ICE Director John Morton says in a statement, according to wired.com.

The seizures are based on the same law the government invokes to seize brick-and-mortar drug houses, for example.

When it comes to internet domain seizures, the US government has jurisdiction over top-level domains such as .com, .org and .net.

The latest seizures, which were done without advance warning to the sites, came nearly two weeks after the government seized 10 domains connected to pirating professional sports video streams.

Preet Bharara, the Manhattan US attorney, blamed such sports broadcasting piracy for “raising prices for tickets and pay-per-view events.”

Meanwhile, in November, the federal government targeted 82 websites, many bartering in counterfeited goods like scarves and golfing gear.

In June, when the seizure program was announced, the government took down nine sites that distributed pirated motion pictures.

Well, this is just getting more interesting by the day…
