Social Network For Security Executives: Help Make Right Cyber Security Decisions
MIT got hacked.Anonymous defaced the MIT to protest against the case of “Aaron Swartz”.
Without getting into who really hacked or the “cause” behind the protest, I just wanted to dissect it as an interesting case of multi-stage attack which proves that just securing your application is not good enough.
Anatomy of the MIT Hack
Step 1: MIT Network Operations Center (NOC) person is sent an email with a malicious link containing a browser exploit.
Step 2: Victim opens the email, clicks the link and gets compromised
Step 3: Attacker steals the “Educause” credentials of the NOC person
Step 4: Attacker creates a cloudflare account with DNS entries pointing to their own servers. Attacker also adds MX records such that mails are forwarded to their own servers.
Step 5: Attacker logs into the Educause domain control panel and changed the nameserver to point to the cloudflare account created before. Also they change the password of the domain control panel-Tweet This Blog
Learning from the MIT hack
-by Bikash Barai, http://www.ivizsecurity.com/blog/