MIT got hacked.Anonymous defaced the MIT to protest against the case of “Aaron Swartz”.
Without getting into who really hacked or the “cause” behind the protest, I just wanted to dissect it as an interesting case of multi-stage attack which proves that just securing your application is not good enough.
Anatomy of the MIT Hack
Step 1: MIT Network Operations Center (NOC) person is sent an email with a malicious link containing a browser exploit.
Step 2: Victim opens the email, clicks the link and gets compromised
Step 3: Attacker steals the “Educause” credentials of the NOC person
Step 4: Attacker creates a cloudflare account with DNS entries pointing to their own servers. Attacker also adds MX records such that mails are forwarded to their own servers.
Step 5: Attacker logs into the Educause domain control panel and changed the nameserver to point to the cloudflare account created before. Also they change the password of the domain control panel-Tweet This Blog
(Read more: Bring out the "Thought Leader in You" ! Become our guest author )
Learning from the MIT hack
- Just securing the applications is not enough
- You need to look into complex possibilities of social engineering vectors
- Have a robust Emergency Response process-Tweet This Blog
-by Bikash Barai, http://www.ivizsecurity.com/blog/
(More: Want to be an author? Nominations open for co-authors of CISO Handbook)
Again old story, weakest link "Human Being" opened the mail and provide the chance to hackers to play arround with IT inftrastructure of MIT.
Security Awareness Training again and again even to technical people who take it for granted.
MIT's website has been hacked twice in less than a week.I cannot agree more to what Bikash said " just securing your application is not good enough !"