How MIT website got hacked despite having any vulnerability ?

MIT got hacked.Anonymous defaced the MIT to protest against the case of “Aaron Swartz”.

Without getting into who really hacked or the “cause” behind the protest, I just wanted to dissect it as an interesting case of multi-stage attack which proves that just securing your application is not good enough.MIT got hacked

 

Anatomy of the MIT Hack

Step 1: MIT Network Operations Center (NOC) person is sent an email with a malicious link containing a browser exploit.

Step 2: Victim opens the email, clicks the link and gets compromised

Step 3: Attacker steals the “Educause” credentials of the NOC person

Step 4: Attacker creates a cloudflare account with DNS entries pointing to their own servers.  Attacker also adds MX records such that mails are forwarded to their own servers.

Step 5: Attacker logs into the Educause domain control panel and changed the nameserver to point to the cloudflare account created before. Also they change the password of the domain control panel-Tweet This Blog

(Read more:  Bring out the "Thought Leader in You" ! Become our guest author )

Learning from the MIT hack

  • Just securing the applications is not enough
  • You need to look into complex possibilities of social engineering vectors
  • Have a robust Emergency Response process-Tweet This Blog

 

-by Bikash Barai, http://www.ivizsecurity.com/blog/

(More:  Want to be an author? Nominations open for co-authors of CISO Handbook)

Views: 1085

Comment

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Comment by Mubashir Ahmad on July 5, 2013 at 4:18pm

Again old story, weakest link "Human Being" opened the mail and provide the chance to hackers to play arround with IT inftrastructure of MIT.

Security Awareness Training again and again even to technical people who take it for granted.

Mubashir

Comment by David Stark on January 24, 2013 at 7:40pm

MIT's website has been hacked twice in less than a week.I cannot agree more to what Bikash said " just securing your application is not good enough !"

Follow Us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2019   Created by CISO Platform   |   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

Related Posts